Next: Comparison to RC Model Up: Domain and Type Enforcement Previous: Domain and Type Enforcement

Model Description

As stated in [Badger+95], Domain and Type Enforcement is based on an enhanced version of Type Enforcement (TE). The main additions to the original model are a high level policy specification language and a human readable format of attribute values in the runtime policy database.

Type Enforcement is a table based access control model. Active entities, the subjects, carry a domain attribute, while passive entities, the objects, carry a type attribute. The possible accesses by subjects to objects are grouped into the access modes read, write, execute and traverse.

A global Domain Definition Table (DDT) contains the allowed interactions, where domains and types form rows and columns, and each cell holds a set of access modes.

Subject-to-subject access control is based on a global Domain Interaction Table (DIT), which uses domains as both row and column descriptors and again holds a set of access modes, e.g. signal, create or destroy, in each cell.

In contrast to the original TE model, DTE supports implicit attribute maintenance: an attribute value needs to be kept only at a higher level of the directory and file hierarchy and then applies to all levels below it as well. Also, the specification language allows types to be assigned by path prefixes.

The first process on a system, the init process, is assigned a predefined initial domain. A process can enter another domain by executing a program bound to that domain, a so-called entry point. An entry point may be executed to explicitly enter one of its associated domains if the subject's current domain has the exec right on the target domain. The auto access right on a domain selects that domain automatically whenever one of its entry points is executed.

The user-domain relationship is built entirely on entry points such as command shells. However, a DTE aware login program can select from all domains associated with an entry point, which avoids keeping an individual copy of the program for each domain.
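The tables and transition rules described above, as an added example that is not part of the original text: a small Python evaluator for the DDT, the DIT, prefix-based type assignment and entry-point transitions. All domain, type and path names are constructed, and the exec and auto rights are assumed to be recorded in the DIT alongside the other subject-to-subject modes.

```python
# Added example (not from the original text): a small evaluator for the DTE
# model above. All domain, type and path names below are constructed.
# Types by path prefix; the longest prefix wins (implicit attribute maintenance).
TYPE_BY_PREFIX = {"/": "generic_t", "/etc": "conf_t", "/bin": "bin_t",
                  "/bin/sh": "shell_t", "/bin/login": "login_t"}

# Domain Definition Table: (domain, object type) -> allowed access modes.
DDT = {("user_d", "generic_t"): {"read", "traverse"},
       ("user_d", "bin_t"): {"read", "execute", "traverse"},
       ("user_d", "shell_t"): {"read", "execute"},
       ("admin_d", "conf_t"): {"read", "write", "traverse"},
       ("init_d", "login_t"): {"read", "execute"}}

# Domain Interaction Table: (subject domain, target domain) -> modes; the
# exec/auto rights that govern domain transitions are assumed to live here.
DIT = {("init_d", "login_d"): {"auto", "create"},
       ("login_d", "user_d"): {"auto", "create", "signal"},
       ("login_d", "admin_d"): {"exec", "create"},
       ("admin_d", "user_d"): {"signal", "destroy"}}

# Entry points: domain -> program types whose execution leads into it.
ENTRY_POINTS = {"login_d": {"login_t"}, "user_d": {"shell_t"},
                "admin_d": {"shell_t"}}

def type_of(path):
    """Resolve an object's type by its longest matching path prefix."""
    hits = [p for p in TYPE_BY_PREFIX
            if path == p or path.startswith(p.rstrip("/") + "/")]
    return TYPE_BY_PREFIX[max(hits, key=len)]

def object_access(domain, path, mode):
    """DDT lookup: may a subject in `domain` apply `mode` to the object at `path`?"""
    return mode in DDT.get((domain, type_of(path)), set())

def subject_access(domain, target, mode):
    """DIT lookup: may a subject in `domain` apply `mode` to subjects in `target`?"""
    return mode in DIT.get((domain, target), set())

def execute(domain, path, requested=None):
    """Domain transition on execute; returns the new domain, or None if denied.
    `requested` enters that domain explicitly (needs exec right); otherwise an
    entry-point domain with auto right is chosen, else the subject stays put."""
    candidates = {d for d, ts in ENTRY_POINTS.items() if type_of(path) in ts}
    if requested is not None:
        ok = requested in candidates and subject_access(domain, requested, "exec")
        return requested if ok else None
    auto = sorted(d for d in candidates if subject_access(domain, d, "auto"))
    if auto:
        return auto[0]  # a consistent policy yields at most one auto target
    return domain if object_access(domain, path, "execute") else None
```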


Amon Ott