The concept of type enforcement (TE), in the field of information technology, is an access control mechanism for regulating access in computer systems. Implementing TE gives priority to mandatory access control (MAC) over discretionary access control (DAC). Access clearance is first given to a subject (e.g. a process) accessing objects (e.g. files, records, messages) based on rules defined in an attached security context. A security context in a domain is defined by a domain security policy. In the Linux security module (LSM) in SELinux, the security context is an extended attribute. Type enforcement implementation is a prerequisite for MAC, and a first step before multilevel security (MLS) or its replacement, multi-category security (MCS). It is a complement of role-based access control (RBAC).


Control

Type enforcement implies fine-grained control over the operating system, not only over process execution but also over domain transitions and the authorization scheme. This is why it is best implemented as a kernel module, as is the case with SELinux. Using type enforcement is one way to implement the FLASK architecture.


Access

Using type enforcement, users may (as in Microsoft Active Directory) or may not (as in SELinux) be associated with a Kerberos realm, although the original type enforcement model implies so. It is always necessary to define a TE access matrix containing rules about the clearance granted to a given security context, or a subject's rights over objects according to an authorization scheme.


Security

Practically, type enforcement evaluates a set of rules from the source security context of a subject against a set of rules from the target security context of the object. A clearance decision is made according to the TE access description (matrix). Then DAC or other access control mechanisms (MLS/MCS, ...) apply.
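As an added illustration (not part of the original article and not SELinux's own code), the following Python model parses a constructed policy fragment written in SELinux `allow` / `type_transition` syntax, evaluates the TE access matrix in the order the text describes (TE first, then a simplified DAC check on the file's "other" mode bits), and resolves the exec-time domain transition that the Control section mentions. The type names, permissions and file modes are constructed sample values.

```python
import re
from collections import defaultdict

ALLOW_RE = re.compile(r"allow\s+(\w+)\s+(\w+):(\w+)\s+\{([^}]*)\};")
TRANS_RE = re.compile(r"type_transition\s+(\w+)\s+(\w+):process\s+(\w+);")

# Constructed policy fragment in SELinux policy syntax (not a real distribution policy).
POLICY = """
allow httpd_t httpd_sys_content_t:file { read getattr open };
allow httpd_t httpd_log_t:file { append create getattr open };
allow init_t httpd_exec_t:file { read execute open };
type_transition init_t httpd_exec_t:process httpd_t;
"""

# Simplified DAC: only the "other" rwx bits of the file mode are checked.
DAC_BIT = {"read": 0o004, "write": 0o002, "append": 0o002, "create": 0o002, "execute": 0o001}


def parse_policy(text):
    """Build the TE access matrix and the domain-transition table from policy text."""
    matrix = defaultdict(set)  # (source type, target type, class) -> permissions
    transitions = {}           # (source domain, executable type) -> new domain
    for src, tgt, cls, perms in ALLOW_RE.findall(text):
        matrix[(src, tgt, cls)] |= set(perms.split())
    for src, tgt, new in TRANS_RE.findall(text):
        transitions[(src, tgt)] = new
    return matrix, transitions


def te_allows(matrix, source, target, cls, perm):
    """TE decision: look the subject's type up against the object's type and class."""
    return perm in matrix.get((source, target, cls), set())


def access_decision(matrix, source, target, cls, perm, mode_bits):
    """Evaluation order described in the text: the TE matrix first, then DAC mode bits."""
    if not te_allows(matrix, source, target, cls, perm):
        return "denied by TE"
    bit = DAC_BIT.get(perm)  # metadata permissions such as getattr have no DAC bit
    if bit is not None and not mode_bits & bit:
        return "denied by DAC"
    return "allowed"


def exec_domain(transitions, source, exec_type):
    """Domain a process lands in after exec; without a rule it stays in the caller's domain."""
    return transitions.get((source, exec_type), source)
```

A world-writable content file still cannot be written by `httpd_t` because the TE matrix is consulted before the mode bits, which is the point of giving MAC priority over DAC.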


History

Type enforcement was introduced in the Secure Ada Target architecture in the late 1980s, with a full implementation developed in the Logical Coprocessing Kernel (LOCK) system (Richard Y. Kain, oral history interview, 27 May 2015, Charles Babbage Institute, University of Minnesota). The Sidewinder Internet Firewall was implemented on a custom version of Unix that incorporated type enforcement. A variant called ''domain type enforcement'' was developed in the Trusted Mach system. The original type enforcement model stated that labels should be attached to subjects and objects: a “domain label” for a subject and a “type label” for an object. This implementation mechanism was improved by the FLASK architecture, substituting complex structures and implicit relationships. The original TE access matrix was also extended to other structures: lattice-based, history-based, environment-based, policy logic, and so on. This is a matter of the implementation of TE by the various operating systems. In SELinux, the TE implementation does not internally distinguish TE domains from TE types. It should be considered a weakness of the original TE model that it specifies detailed implementation aspects such as labels and the matrix, especially using the terms “domain” and “type”, which have other, more generic, widely accepted meanings.


References

* P. A. Loscocco, S. D. Smalley, P. A. Muckelbauer, R. C. Taylor, S. J. Turner, and J. F. Farrell, ''The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments'', In Proceedings of the 21st National Information Systems Security Conference, pages 303–314, October 1998.

* L. Badger, D. F. Sterne, D. L. Sherman, K. M. Walker and S. A. Haghighat, ''A Domain and Type Enforcement UNIX Prototype'', In Proceedings of the 5th USENIX UNIX Security Symposium, June 1995.

* W. E. Boebert and R. Y. Kain, ''A Practical Alternative to Hierarchical Integrity Policies'', In Proceedings of the 8th National Computer Security Conference, page 18, 1985.

* LOCK - A trusted computing system