Type enforcement

<p>The concept of type enforcement (TE), in the field of <a href="/facts/Information_technology/glMzunwe">information technology</a>, is an access control mechanism for regulating access in computer systems. Implementing TE gives priority to <a href="/facts/Mandatory_access_control/yvtGFacq">mandatory access control</a> (MAC) over <a href="/facts/Discretionary_access_control/MTQRM7nr">discretionary access control</a> (DAC). Access clearance is first given to a subject (e.g. process) accessing objects (e.g. files, records, messages) based on rules defined in an attached security context.  A security context in a domain is defined by a domain security policy. In the Linux security module (<a href="/facts/Linux_Security_Modules/T9UzLVgm">LSM</a>) in <a href="/facts/SELinux/YcTycMEN">SELinux</a>, the security context is an extended attribute. Type enforcement implementation is a prerequisite for MAC, and a first step before <a href="/facts/Multilevel_security/yyCAmDEP">multilevel security</a> (MLS) or its replacement <a href="/facts/Multi_categories_security/dkj8tJaF">multi categories security</a> (MCS). It is a complement of  <a href="/facts/Role-based_access_control/dPN1ohBE">role-based access control</a> (RBAC).
</p>

Type enforcement open-in-new

Type enforcement