Type enforcement

From Wiki @ Karl Jones dot com

In computer science, type enforcement (TE) is a concept related to access control.

Description

Implementing TE gives priority to “mandatory access control” (MAC) over “discretionary access control” (DAC). Access clearance is first given to a subject (e.g. process) accessing objects (e.g. files, records, messages) based on rules defined in an attached security context.

A security context in a domain is defined by a domain security policy. In SELinux, a Linux security module (LSM), the security context is an extended attribute.
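An added example, not part of the original page or of SELinux itself: a minimal Python model of the decision described above, in which a subject's and an object's security contexts are parsed and a DAC grant cannot override a TE denial. The labels, allow rules, uids and the simplified DAC check are assumptions constructed for illustration.

```python
from typing import NamedTuple

class Context(NamedTuple):
    user: str
    role: str
    type: str
    level: str = ""

def parse_context(label: str) -> Context:
    """Split an SELinux-style label 'user:role:type[:level]'."""
    parts = label.split(":", 3)  # the level field may itself contain ':'
    if len(parts) < 3 or not all(parts[:3]):
        raise ValueError(f"malformed security context: {label!r}")
    return Context(*parts)

# Constructed sample policy: (subject type, object type, class) -> permissions.
# Any triple or permission not listed here is denied.
ALLOW = {
    ("httpd_t", "httpd_sys_content_t", "file"): {"read", "getattr"},
    ("httpd_t", "httpd_log_t", "file"): {"append", "getattr"},
}

def te_allows(subject: Context, target: Context, tclass: str, perm: str) -> bool:
    """Type enforcement: only the type fields of the two contexts matter."""
    return perm in ALLOW.get((subject.type, target.type, tclass), ())

# Mode bit each permission needs in the simplified DAC model (0 = none).
DAC_BIT = {"read": 0o4, "write": 0o2, "append": 0o2, "getattr": 0}

def dac_allows(uid: int, owner: int, mode: int, perm: str) -> bool:
    """Simplified DAC: owner/other mode bits only, groups ignored, uid 0 bypasses."""
    need = DAC_BIT[perm]
    bits = ((mode >> 6) if uid == owner else mode) & 0o7
    return uid == 0 or need == 0 or bool(bits & need)

def access(subject_label: str, uid: int, target_label: str,
           owner: int, mode: int, perm: str, tclass: str = "file") -> bool:
    s, t = parse_context(subject_label), parse_context(target_label)
    # Both checks must pass: a DAC grant never overrides a TE denial.
    return te_allows(s, t, tclass, perm) and dac_allows(uid, owner, mode, perm)
```

In this model a process running as uid 0 in the `httpd_t` domain is still refused access to an object labelled `shadow_t`, because no allow rule names that pair of types.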

Type enforcement implementation is a prerequisite for MAC, and a first step before “multi-level security” (MLS) or its replacement “multi categories security” (MCS).

Type enforcement complements “role based access control” (RBAC).
