翻訳と辞書 |
Type enforcement : ウィキペディア英語版 | Type enforcement
The concept of type enforcement (TE) in the field of information technology is related to access control. Implementing TE gives priority to “mandatory access control” (MAC) over “discretionary access control” (DAC). Access clearance is first given to a subject (e.g. process) accessing objects (e.g. files, records, messages) based on rules defined in an attached security context. A security context in a domain is defined by a domain security policy. In the Linux security module (LSM) in SELinux, the security context is an extended attribute. Type enforcement implementation is a prerequisite for MAC, and a first step before “multi-level security” (MLS) or its replacement “multi categories security” (MCS). It is a complement of “role based access control” (RBAC). ==Control==
Type enforcement implies fine grained control over the operating system, not only to have control over process execution, but also over “domain transition” or authorization scheme. This is why it is best implemented as a kernel module, as is the case with SELinux. Using type enforcement is a way to implement the FLASK architecture.
抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「Type enforcement」の詳細全文を読む
スポンサード リンク
翻訳と辞書 : 翻訳のためのインターネットリソース |
Copyright(C) kotoba.ne.jp 1997-2016. All Rights Reserved.
|
|