
Type enforcement

From Wikipedia, the free encyclopedia

Type enforcement (TE), in the field of information technology, is an access control mechanism for regulating access in computer systems. Under TE, mandatory access control (MAC) rules set by the system policy cannot be overridden by the discretionary access control (DAC) settings that object owners control: a subject (e.g. a process) is permitted to access an object (e.g. a file, record or message) only if the rules defined over their attached security contexts allow it. A security context is assigned according to the security policy of the domain. In SELinux, the Linux security module (LSM) that implements TE, the security context of a file is stored in an extended attribute (security.selinux), while the context of a process is held by the kernel. Type enforcement is one way of implementing MAC, and a first step before multilevel security (MLS) or its simpler variant, multi-category security (MCS). It is a complement to role-based access control (RBAC).

Control


Type enforcement implies fine-grained control over the operating system: not only control over process execution, but also over domain transitions (the change of a process's domain when it executes a program) and the authorization scheme as a whole. This is why it is best implemented inside the kernel, as SELinux does through the LSM framework. Type enforcement is the principal policy model used within the FLASK architecture, of which SELinux is an implementation.

Access


Type enforcement does not by itself require subjects to be bound to an authenticated user identity or realm (SELinux does not require it: the user field of a security context is separate from the Linux account), although the original type enforcement model implied such a binding. What is always necessary is a TE access matrix: rules stating, for each source security context (the subject) and target security context (the object), which permissions on which object classes are granted under the authorization scheme.

Security


Practically, type enforcement looks up the rules that apply to the source security context of the subject against the target security context of the object for the requested object class and permission; the access decision follows from the TE access matrix. On Linux the DAC permission check runs first, and SELinux is consulted only when DAC permits; within SELinux, the TE allow rules are evaluated and the result is then further restricted by the RBAC and MLS/MCS constraints. A request must pass every layer, so a denial by any one of them is final.
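As an added example (not code from the page, from SELinux or from its reference policy), the following Python script models the TE access matrix and decision order described in the Access and Security sections, including the domain transition mentioned under Control. It parses a constructed policy fragment written in a small subset of SELinux's policy syntax (attribute, type, allow, type_transition); the type names (httpd_t, shadow_t and so on) mimic the reference policy but are assumptions here, as is the simplified check order, which omits constraints, audit and permissive mode.

```python
"""Toy evaluator for SELinux-style type enforcement (TE) rules.
Added example, not SELinux code: the policy text, type names and the
simplified check order are constructed assumptions for illustration."""
import re
from collections import defaultdict

# Constructed sample policy; names mimic the reference policy but are assumptions.
SAMPLE_POLICY = """
attribute domain;
attribute file_type;
type init_t, domain;
type httpd_t, domain;
type httpd_exec_t, file_type;
type httpd_sys_content_t, file_type;
type shadow_t, file_type;
allow domain file_type:file getattr;          # attribute on both sides
allow httpd_t httpd_sys_content_t:file { read open };
allow init_t httpd_exec_t:file { read execute };
allow httpd_t httpd_exec_t:file entrypoint;
allow init_t httpd_t:process transition;
type_transition init_t httpd_exec_t:process httpd_t;
"""

ALLOW_RE = re.compile(r"(\S+)\s+(\S+):(\S+)\s+(?:\{([^}]*)\}|(\S+))")
TRANS_RE = re.compile(r"(\S+)\s+(\S+):(\S+)\s+(\S+)")


class TEPolicy:
    """The TE access matrix: (source type, target type, class) -> permissions."""

    def __init__(self, text):
        self.attrs = defaultdict(set)   # attribute name -> types carrying it
        self.allow = defaultdict(set)   # (src, tgt, cls) -> permission set
        self.transitions = {}           # (src, tgt, cls) -> new type on exec
        for stmt in re.sub(r"#.*", "", text).split(";"):
            if stmt.strip():
                self._parse(stmt.strip())

    def _parse(self, stmt):
        kw, rest = stmt.split(None, 1)
        if kw == "attribute":
            self.attrs.setdefault(rest.strip(), set())
        elif kw == "type":
            name, *attrs = [x.strip() for x in rest.split(",")]
            for a in attrs:
                self.attrs[a].add(name)
        elif kw == "allow":
            src, tgt, cls, many, one = ALLOW_RE.fullmatch(rest).groups()
            self.allow[(src, tgt, cls)] |= set((many or one).split())
        elif kw == "type_transition":
            src, tgt, cls, new = TRANS_RE.fullmatch(rest).groups()
            self.transitions[(src, tgt, cls)] = new
        else:
            raise ValueError("unsupported statement: " + stmt)

    def _expand(self, name):
        # A rule written against an attribute applies to every type carrying it.
        return {name} | self.attrs.get(name, set())

    def permitted(self, src, tgt, cls):
        """Union of the permissions granted by every matching allow rule."""
        perms = set()
        for (s, t, c), p in self.allow.items():
            if c == cls and src in self._expand(s) and tgt in self._expand(t):
                perms |= p
        return perms

    def te_allows(self, src, tgt, cls, perm):
        return perm in self.permitted(src, tgt, cls)


def access_check(policy, dac_ok, src, tgt, cls, perm):
    """Linux order of checks: DAC first, then the TE rules; both must permit."""
    if not dac_ok:
        return "denied by DAC"
    if not policy.te_allows(src, tgt, cls, perm):
        return "denied by TE"
    return "allowed"


def exec_transition(policy, current, exec_type):
    """Domain transition on execve with the three checks SELinux makes.
    Returns the new domain, the unchanged domain when no rule applies (real
    SELinux then checks execute_no_trans), or None when the move is denied."""
    new = policy.transitions.get((current, exec_type, "process"))
    if new is None:
        return current
    ok = (policy.te_allows(current, exec_type, "file", "execute")
          and policy.te_allows(current, new, "process", "transition")
          and policy.te_allows(new, exec_type, "file", "entrypoint"))
    return new if ok else None


if __name__ == "__main__":
    p = TEPolicy(SAMPLE_POLICY)
    print(access_check(p, True, "httpd_t", "shadow_t", "file", "read"))
    print(exec_transition(p, "init_t", "httpd_exec_t"))
```

The attribute rule shows why reading a policy line by line is misleading: httpd_t gains getattr on shadow_t through the domain/file_type attributes even though no rule names either type. On a real SELinux system the same question is answered against the loaded policy with sesearch from setools, for example sesearch -A -s httpd_t -t shadow_t -c file.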

History


Type enforcement was introduced in the Secure Ada Target architecture in the late 1980s, with a full implementation developed in the Logical Coprocessing Kernel (LOCK) system.[1][2] The Sidewinder Internet Firewall was implemented on a custom version of Unix that incorporated type enforcement.

A variant called domain type enforcement (DTE) was developed in the Trusted MACH system.

The original type enforcement model stated that labels should be attached to subjects and objects: a “domain label” for a subject and a “type label” for an object. The FLASK architecture improved on this mechanism, replacing complex structures and implicit relationships with a uniform security context. The original TE access matrix has also been extended to other structures: lattice-based, history-based, environment-based, policy logic and so on; these are matters of how each operating system implements TE. In SELinux, the implementation does not internally distinguish TE domains from TE types: a domain is simply a type that may be assigned to a process. It can be considered a weakness of the original TE model that it specified detailed implementation aspects such as labels and a matrix, especially using the terms “domain” and “type”, which have other, more generic, widely accepted meanings.

References
