Domain and Type Enforcement model
Considers domains associated with subjects (processes) and types associated with objects (file, directory, device, ..)
Defines
Domain Definition Table (DDT) - represents allowed access modes between domains and types (e.g. read, write, execute)
Domain Interaction Table (DIT) - represents allowed access modes between domains (e.g. signal, create, ..)
All access is denied unless explicitly allowed