Type Enforcement

The concept of type enforcement (TE), in the field of information technology, is an access control mechanism for regulating access in computer systems. TE is a form of mandatory access control (MAC): its rules are fixed by the system security policy and cannot be relaxed by the owner of an object, in contrast to discretionary access control (DAC). A subject (e.g. a process) is allowed to access objects (e.g. files, sockets, messages) only according to rules that refer to the security context (label) attached to the subject and to the object; which security context a subject or object carries is itself decided by the security policy. In the Linux security module (LSM) SELinux, the security context of a file is stored as an extended attribute. In SELinux, type enforcement is the core of the MAC system and the first layer on which multilevel security (MLS) or its replacement, multi categories security (MCS), is built. It is a complement of role-based access control (RBAC).


Control

Type enforcement implies fine-grained control over the operating system: not only control over process execution, but also over domain transitions (a process moving from one domain to another, typically when it executes a program carrying a designated type) and over the authorization scheme itself. This is why it is best implemented inside the kernel, as SELinux does through the Linux Security Modules (LSM) framework. Using type enforcement is a way to implement the FLASK architecture.


Access

Using type enforcement, users may (as in Microsoft Active Directory) or may not (as in SELinux) be associated with a Kerberos realm, although the original type enforcement model implies so. It is always necessary to define a TE access matrix containing rules about the clearance granted to a given security context, i.e. a subject's rights over objects according to an authorization scheme.


Security

In practice, type enforcement looks up the pair formed by the source security context of the subject and the target security context of the object, together with the object class (file, socket, process, ...), in the TE access matrix. A permission is granted only if an allow rule lists it explicitly; anything not listed is denied. TE is not the only check: in SELinux the kernel's DAC checks run first and the LSM hook consults SELinux only if DAC permits, and within SELinux the TE decision is combined with any MLS / MCS constraints, so every mechanism must agree before the access is granted.
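The following is an added worked example, not code from this page or from SELinux: a small Python evaluator for a TE access matrix in SELinux-like rule syntax, covering the points of the Control, Access and Security sections above (default-deny matrix lookup by source type, target type and object class, and a domain transition on exec). The policy fragment, the type names (init_t, httpd_t, httpd_exec_t, ...) and every helper name are constructed for illustration.

```python
"""Toy evaluator for a type-enforcement (TE) access matrix.

Added example modelled loosely on SELinux's TE rule syntax; not code from
the page nor from SELinux. The policy text, the type names and all helper
names below are constructed for illustration.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Context:
    """An SELinux-style security context user:role:type[:level].

    TE decisions look only at the type field (a process's 'domain' is just
    the type of its context); user and role are carried along unchanged
    through a domain transition in this toy model.
    """
    user: str
    role: str
    type: str

    @classmethod
    def parse(cls, text: str) -> Context:
        user, role, type_ = text.split(":")[:3]
        return cls(user, role, type_)


# Constructed policy fragment (assumption: one rule per line, permissions in
# braces, '#' starts a comment). Only what is listed is allowed.
POLICY = """
# the web server domain may read its configuration and content ...
allow httpd_t httpd_config_t : file { read getattr open };
allow httpd_t httpd_content_t : file { read getattr open };
# ... and bind the http port; nothing else is listed, so nothing else is allowed
allow httpd_t http_port_t : tcp_socket { name_bind };
# init may execute the httpd binary and is switched into httpd_t on exec
allow init_t httpd_exec_t : file { execute read open };
allow httpd_t httpd_exec_t : file { entrypoint };
allow init_t httpd_t : process { transition };
type_transition init_t httpd_exec_t : process httpd_t;
# ordinary binaries run in the caller's own domain (no type_transition rule)
allow init_t bin_t : file { execute read open };
"""

_ALLOW = re.compile(r"allow (\S+) (\S+) : (\S+) \{ ([^}]*) \}")
_TRANS = re.compile(r"type_transition (\S+) (\S+) : (\S+) (\S+)")


class TEPolicy:
    """The TE access matrix: (source type, target type, class) -> permissions."""

    def __init__(self, text: str) -> None:
        self.allow: dict[tuple[str, str, str], set[str]] = {}
        self.transition: dict[tuple[str, str, str], str] = {}
        for raw in text.splitlines():
            line = raw.split("#", 1)[0].strip().rstrip(";").strip()
            if not line:
                continue
            if m := _ALLOW.fullmatch(line):
                src, tgt, cls, perms = m.groups()
                self.allow.setdefault((src, tgt, cls), set()).update(perms.split())
            elif m := _TRANS.fullmatch(line):
                src, tgt, cls, new = m.groups()
                self.transition[(src, tgt, cls)] = new
            else:
                raise ValueError(f"unparsed TE rule: {line!r}")

    def check(self, src: Context, tgt: Context, cls: str, perm: str) -> bool:
        """Default deny: a permission is granted only if an allow rule lists it."""
        return perm in self.allow.get((src.type, tgt.type, cls), set())

    def exec_transition(self, proc: Context, exe: Context) -> Context | None:
        """Domain transition on exec, following SELinux's three-way check.

        Returns the process context after exec, or None if the exec is denied.
        The new domain comes from a type_transition rule and is entered only if
        the old domain may execute the file, the new domain accepts the file as
        an entrypoint, and the old domain may transition to the new one.
        """
        if not self.check(proc, exe, "file", "execute"):
            return None
        new_type = self.transition.get((proc.type, exe.type, "process"))
        if new_type is None:
            return proc  # no rule: the process keeps its domain
        new = Context(proc.user, proc.role, new_type)
        if not self.check(new, exe, "file", "entrypoint"):
            return None
        if not self.check(proc, new, "process", "transition"):
            return None
        return new


def decide(policy: TEPolicy, src: str, tgt: str, cls: str, perm: str) -> str:
    """Render one matrix lookup the way an audit record would: granted/denied."""
    verdict = policy.check(Context.parse(src), Context.parse(tgt), cls, perm)
    return f"{'granted' if verdict else 'denied'} {{ {perm} }} scontext={src} tcontext={tgt} tclass={cls}"


if __name__ == "__main__":
    policy = TEPolicy(POLICY)
    init = Context.parse("system_u:system_r:init_t")
    print("after exec:", policy.exec_transition(init, Context.parse("system_u:object_r:httpd_exec_t")))
    print(decide(policy, "system_u:system_r:httpd_t", "system_u:object_r:httpd_content_t", "file", "read"))
    print(decide(policy, "system_u:system_r:httpd_t", "system_u:object_r:shadow_t", "file", "read"))
```

The model ignores what a real SELinux policy adds on top (role and user constraints, MLS ranges, type attributes, dontaudit/neverallow rules) and the DAC check that the kernel performs before the LSM hook is reached. On a live SELinux system the same matrix can be inspected with the setools query `sesearch -A -s httpd_t -t httpd_content_t -c file`, and the contexts with `ps -Z` and `ls -Z`.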


History

Type enforcement was introduced in the Secure Ada Target architecture in the 1980s, with a full implementation developed in the Logical Coprocessing Kernel (LOCK) system (Richard Y. Kain, oral history interview, 27 May 2015, Charles Babbage Institute, University of Minnesota). The Sidewinder Internet Firewall was implemented on a custom version of Unix that incorporated type enforcement. A variant called ''domain and type enforcement'' (DTE) was developed in the Trusted Mach system. The original type enforcement model stated that labels should be attached to subjects and objects: a "domain label" for a subject and a "type label" for an object. The FLASK architecture refined this mechanism, replacing the fixed pair of label kinds and their implicit relationship with a general security context interpreted by a policy-defined security server. The original TE access matrix was likewise extended to other structures: lattice-based, history-based, environment-based, policy logic, and so on. These are matters of how each operating system implements TE. In SELinux, the TE implementation does not internally distinguish TE domains from TE types: a domain is simply a type applied to a process. It can be considered a weakness of the original TE model that it specified detailed implementation aspects such as labels and a matrix, especially using the terms "domain" and "type", which have other, more generic and widely accepted meanings.


References

* P. A. Loscocco, S. D. Smalley, P. A. Muckelbauer, R. C. Taylor, S. J. Turner, and J. F. Farrell. ''The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments''. In Proceedings of the 21st National Information Systems Security Conference, pages 303–314, October 1998.
* L. Badger, D. F. Sterne, D. L. Sherman, K. M. Walker and S. A. Haghighat. ''A Domain and Type Enforcement UNIX Prototype''. In Proceedings of the 5th USENIX UNIX Security Symposium, June 1995.
* W. E. Boebert and R. Y. Kain. ''A Practical Alternative to Hierarchical Integrity Policies''. In Proceedings of the 8th National Computer Security Conference, page 18, 1985.
* LOCK - A trusted computing system