DTE model

Domain and Type Enforcement model

  • considers domains associated with subjects (processes) and types associated with objects (file, directory, device, ..)

  • defines

    • Domain Definition Table (DDT) - represents allowed access modes between domains and types (e.g. read, write, execute)

    • Domain Interaction Table (DIT) - represents allowed access modes between domains (e.g. signal, create, ..)

  • all access is denied unless explicitly allowed
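
An added example, not part of the original slides: a minimal DTE reference monitor that holds a DDT and a DIT, denies anything not listed, and includes an audit helper that flags types one domain may write and another may execute. All domain, type and mode names are constructed for illustration.

```python
# Constructed policy: every domain, type and mode name here is an assumption.
# DDT: (domain, type) -> access modes the domain is allowed on objects of that type
DDT = {
    ("httpd_d", "web_content_t"): {"read"},
    ("httpd_d", "httpd_log_t"): {"write"},
    ("httpd_d", "httpd_exec_t"): {"read", "execute"},
    ("admin_d", "web_content_t"): {"read", "write"},
    ("admin_d", "httpd_exec_t"): {"read", "write"},
}
# DIT: (source domain, target domain) -> allowed interaction modes
DIT = {
    ("init_d", "httpd_d"): {"create", "signal"},
    ("admin_d", "httpd_d"): {"signal"},
}


def object_access(domain, obj_type, mode):
    """DDT check: may a subject in `domain` use `mode` on an object of `obj_type`?"""
    # A missing table entry yields the empty set, so the default is deny.
    return mode in DDT.get((domain, obj_type), set())


def domain_access(src, dst, mode):
    """DIT check: may a subject in `src` apply `mode` to a subject in `dst`?"""
    return mode in DIT.get((src, dst), set())


def writers_of_executed_types():
    """Policy audit: (writer, type, executor) triples where one domain may
    write a type that a different domain may execute."""
    found = []
    for (writer, obj_type), modes in DDT.items():
        if "write" not in modes:
            continue
        for (executor, other_type), other_modes in DDT.items():
            if other_type == obj_type and "execute" in other_modes and executor != writer:
                found.append((writer, obj_type, executor))
    return sorted(found)


if __name__ == "__main__":
    print(object_access("httpd_d", "web_content_t", "read"))   # explicitly allowed
    print(object_access("httpd_d", "web_content_t", "write"))  # not listed: denied
    print(domain_access("admin_d", "httpd_d", "create"))       # not listed: denied
    print(writers_of_executed_types())
```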

8. SELinux TE
9. Access modes
10. Type declaration
11. AV rules
12. Transitions
13. Change rules
14. Assertions