Confines each process to a specific cell, thus enforcing the principle of least privilege, which demands that each process should have access to only those resources necessary to perform its specific task—and nothing else.
A number of companies employ Type Enforcement technology in their products. For example, the Secure Computing Company markets itself as providing excellent network security gateway solutions, noting that it has been able to accomplish this objective by using Application Layer Gateway and VPN technology in conjunction with the company’s proprietary Type Enforcement technology. Type Enforcement technology is a particularly important part of the SecureOS operating system on which Secure Computing’s SidewinderG2 Firewall operates. By using Type Enforcement technology to lock each process into a specific cell, SecureOS enforces what security specialists consider to be the principle of least privilege. With the Type Enforcement honeycomb, every application or service (such as email, FTP, and telnet) is separated from the others by barriers between them, making them virtually impossible to penetrate. This technology reduces the vulnerabilities that would permit a cracker to use, say, the service offering the SMTP protocol to carry out an attack on other services.
Furthermore, because operating systems have a number of privileged system calls that crackers can use to access the kernel directly and exploit the system, Type Enforcement technology reduces the likelihood of these exploits by placing a series of flags on each cell, indicating which system calls can originate in that cell. For example, some system calls are allowed only in cells restricted to system administrators and certain processes, so that even “root access” will not permit a process to make disallowed calls. Each cell is permitted to make only the system calls required for the processes and users in that cell to complete their tasks. With this technology, less trusted users or processes running questionable code can be isolated so that they are not capable of making any privileged system calls. Moreover, such isolated processes can access only those files and other resources that are not critical to the system’s safe operation.
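The two mechanisms described above, a per-cell set of system-call flags and a cell-to-resource-type access matrix that ignores the caller’s uid, are illustrated by the following toy policy checker. It is an added example written for this entry, not code from SecureOS or Secure Computing; the cell names (smtp_cell, ftp_cell, admin_cell) and resource type names are hypothetical.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Cell:
    """One Type Enforcement cell: a process locked in it gets exactly these rights."""
    name: str
    syscalls: frozenset   # flags: the only system calls that may originate in this cell
    access: dict          # resource type -> operations permitted on that type


# Constructed policy (hypothetical names, not SecureOS's real tables).
# Privileged calls such as mount/setuid are flagged only in admin_cell.
POLICY = {
    "smtp_cell": Cell("smtp_cell", frozenset({"read", "write", "socket", "fork"}),
                      {"mail_spool_t": {"read", "write"}, "smtp_bin_t": {"execute"}}),
    "ftp_cell": Cell("ftp_cell", frozenset({"read", "write", "socket", "fork"}),
                     {"ftp_root_t": {"read", "write"}, "ftp_bin_t": {"execute"}}),
    "admin_cell": Cell("admin_cell",
                       frozenset({"read", "write", "socket", "fork", "mount", "setuid"}),
                       {"system_config_t": {"read", "write"}}),
}


@dataclass(frozen=True)
class Process:
    pid: int
    uid: int      # 0 is root; uid deliberately plays no part in the decisions below
    cell: str


def syscall_allowed(proc: Process, call: str) -> bool:
    """A call is permitted only if the process's cell carries the flag for it."""
    return call in POLICY[proc.cell].syscalls


def access_allowed(proc: Process, rtype: str, op: str) -> bool:
    """Resource access is decided by the cell/type matrix, never by uid."""
    return op in POLICY[proc.cell].access.get(rtype, set())


def audit(proc: Process, action: str, allowed: bool) -> str:
    """Audit line a defender would expect for each enforcement decision."""
    return f"pid={proc.pid} uid={proc.uid} cell={proc.cell} {action} {'ALLOW' if allowed else 'DENY'}"


def demo() -> list[str]:
    smtpd = Process(101, 0, "smtp_cell")   # a mail daemon running as root
    admin = Process(7, 0, "admin_cell")
    return [
        audit(smtpd, "write mail_spool_t", access_allowed(smtpd, "mail_spool_t", "write")),
        audit(smtpd, "read ftp_root_t", access_allowed(smtpd, "ftp_root_t", "read")),
        audit(smtpd, "syscall mount", syscall_allowed(smtpd, "mount")),
        audit(admin, "syscall mount", syscall_allowed(admin, "mount")),
    ]


if __name__ == "__main__":
    print("\n".join(demo()))
```

Even though the mail daemon runs with uid 0, it can neither reach the FTP cell’s files nor make the mount call, because neither right is flagged on smtp_cell.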
Secure Computing Corporation. Type Enforcement Technology. [Online, 2006.] Secure Computing Website. http://www.securecomputing.com/index.cfm?skey=738.