What’s type enforcement?




Type enforcement is a security method that assigns labels to different resources and allows access based on them. It uses identifiers for sources and targets, and a set of permissions created by a system administrator to ensure appropriate security. Each interaction must be clearly permitted.

Type enforcement is a method of computer security that relies on assigning labels to different “types” of resources and then allowing access based on those labels. While this may sound complicated, it is basically a method whereby different permissions are assigned for access to various systems. A process running on a network, for example, has a certain level of authority based on its source, which is assigned this authority by the system administrator. When this process attempts to access resources on that network, its authorization is checked and, if appropriate, it is granted access to the target.

The term “type enforcement” refers to the “types” of elements that are part of a system and how each is classified for security purposes. There are two simple types: the source type, which is the domain running a process on the system; and the target type, which is the object being accessed. A user on a network trying to access a file on another computer is the source, while the computer with the file is the target. Type enforcement assigns each of these types an identifier that is then used to ensure appropriate security through the use of permissions.

Each source type is clearly identified in a system using type enforcement, which can require thousands of different identifiers for all possible sources. Similarly, each type of target also has an identifier, so that the system is able to track every possible asset that is making a request or is the target of a request. A set of permissions, which are basically rules, is then established in the system. These rules are created by a system administrator and indicate the types of sources that are allowed to access the various targets.

Using the previous example, the file on the target computer is an object that can be accessed by the source, depending on the permissions established. Additional information in a rule can also indicate exactly how objects can be used and interacted with, such as being able to read the file or delete it. All of this information for type enforcement interactions is contained in a single rule that provides the source type, target type, and permissions for accessible objects. Creating each of these rules is essential to system security, since type enforcement is a “required” (mandatory) security system. This means that every interaction must be clearly permitted; otherwise it is not possible.
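The rule structure described above (source type, target type, permissions, with everything else denied) can be modelled in a few lines. This is an added example, not code from the original page or from any real policy engine; the process names, paths, type labels and rules are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    source_type: str        # label of the domain making the request
    target_type: str        # label of the object being accessed
    permissions: frozenset  # operations granted to this source/target pair

# Constructed labels: every source and target gets a type identifier.
SOURCE_LABELS = {"web_server": "web_t", "backup_job": "backup_t"}
TARGET_LABELS = {"/srv/www/index.html": "web_content_t",
                 "/srv/hr/payroll.db": "payroll_t"}

# Constructed policy written by the administrator: one rule per allowed pair.
POLICY = (
    Rule("web_t", "web_content_t", frozenset({"read"})),
    Rule("backup_t", "web_content_t", frozenset({"read"})),
    Rule("backup_t", "payroll_t", frozenset({"read"})),
)

def decide(process, path, permission, policy=POLICY):
    """Return (allowed, reason); anything not explicitly permitted is denied."""
    source = SOURCE_LABELS.get(process)
    target = TARGET_LABELS.get(path)
    if source is None or target is None:
        # An unlabeled source or target can match no rule, so it is denied.
        return False, "denied: unlabeled source or target"
    for rule in policy:
        if (rule.source_type, rule.target_type) == (source, target) \
                and permission in rule.permissions:
            return True, f"allowed: {source} -> {target} {{{permission}}}"
    return False, f"denied: no rule grants {source} -> {target} {{{permission}}}"

if __name__ == "__main__":
    requests = [
        ("web_server", "/srv/www/index.html", "read"),    # matching rule
        ("web_server", "/srv/www/index.html", "delete"),  # permission not granted
        ("web_server", "/srv/hr/payroll.db", "read"),     # no rule for this pair
        ("cron_job", "/srv/hr/payroll.db", "read"),       # unlabeled source
    ]
    for request in requests:
        print(request, decide(*request))
```

Only the first request is allowed; the other three fail for different reasons, which is the default-deny behaviour the paragraph describes.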



