Security Label Framework for the Internet (RFC1457)

IP.com Disclosure Number: IPCOM000002285D
Original Publication Date: 1993-May-01
Included in the Prior Art Database: 2000-Sep-12
Document File: 12 page(s) / 34K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

R. Housley: AUTHOR

Abstract

This memo presents a security labeling framework for the Internet. The framework is intended to help protocol designers determine what, if any, security labeling should be supported by their protocols. The framework should also help network architects determine whether or not a particular collection of protocols fulfills their security labeling requirements. The Open Systems Interconnection Reference Model [1] provides the structure for the presentation; therefore, OSI protocol designers may also find this memo useful.

This text was extracted from an ASCII document.
This is the abbreviated version, containing approximately 8% of the total text.

Network Working Group                                         R. Housley
Request for Comments: 1457             Xerox Special Information Systems
                                                                May 1993

Security Label Framework for the Internet

Status of this Memo

This memo provides information for the Internet community. It does not specify an Internet standard. Distribution of this memo is unlimited.

Acknowledgements

The members of the Privacy and Security Research Group and the attendees of the invitational Security Labels Workshop (hosted by the National Institute of Standards and Technology) helped me organize my thoughts on this subject. The ideas of these professionals are scattered throughout the memo.

1.0 Introduction

This memo presents a security labeling framework for the Internet. The framework is intended to help protocol designers determine what, if any, security labeling should be supported by their protocols. The framework should also help network architects determine whether or not a particular collection of protocols fulfills their security labeling requirements. The Open Systems Interconnection Reference Model [1] provides the structure for the presentation; therefore, OSI protocol designers may also find this memo useful.

2.0 Security Labels

Data security is the set of measures taken to protect data from accidental, unauthorized, intentional, or malicious modification, destruction, or disclosure. Data security is also the condition that results from the establishment and maintenance of protective measures [2]. Given this two-pronged definition for data security, this memo examines security labeling as one mechanism which provides data security. In general, security labeling by itself does not provide sufficient data security; it must be complemented by other security mechanisms.

In data communication protocols, security labels tell the protocol processing how to handle the data transferred between two systems. That is, the security label indicates what measures need to be taken to preserve the condition of security. Handling means the activities performed on data such as collecting, processing, transferring, storing, retrieving, sorting, transmitting, disseminating, and controlling [3].

The definition of data security includes protection from modification and destruction. In computer systems, this is protection from writing and deleting. These protections implement the data integrity service defined in the OSI Security Architecture [4].

Biba [5] has defined a data integrity model...