
Security Label Framework for the Internet (RFC1457)

IP.com Disclosure Number: IPCOM000002285D
Original Publication Date: 1993-May-01
Included in the Prior Art Database: 2019-Feb-10
Document File: 14 page(s) / 20K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

R. Housley: AUTHOR

Related Documents

10.17487/RFC1457: DOI

Abstract

This memo presents a security labeling framework for the Internet. The framework is intended to help protocol designers determine what, if any, security labeling should be supported by their protocols. This memo provides information for the Internet community. It does not specify an Internet standard.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 10% of the total text.

Network Working Group                                         R. Housley
Request for Comments: 1457             Xerox Special Information Systems
                                                                May 1993

Security Label Framework for the Internet

Status of this Memo

This memo provides information for the Internet community. It does not specify an Internet standard. Distribution of this memo is unlimited.

Acknowledgements

The members of the Privacy and Security Research Group and the attendees of the invitational Security Labels Workshop (hosted by the National Institute of Standards and Technology) helped me organize my thoughts on this subject. The ideas of these professionals are scattered throughout the memo.

1.0 Introduction

This memo presents a security labeling framework for the Internet. The framework is intended to help protocol designers determine what, if any, security labeling should be supported by their protocols. The framework should also help network architects determine whether or not a particular collection of protocols fulfills their security labeling requirements. The Open Systems Interconnection Reference Model [1] provides the structure for the presentation; therefore, OSI protocol designers may also find this memo useful.

2.0 Security Labels

Data security is the set of measures taken to protect data from accidental, unauthorized, intentional, or malicious modification, destruction, or disclosure. Data security is also the condition that results from the establishment and maintenance of protective measures [2]. Given this two-pronged definition for data security, this memo examines security labeling as one mechanism which provides data security. In general, security labeling by itself does not provide sufficient data security; it must be complemented by other security mechanisms.

In data communication protocols, security labels tell the protocol processing how to handle the data transferred between two systems. That is, the security label indicates what measures need to be taken to preserve the condition of security. Handling means the activities performed on data such as collecting, processing, transferring, storing, retrieving, sorting, transmitting, disseminating, and controlling [3].

The definition of data security includes protection from modification and destruction. In computer systems, this is protection from writing and deleting. These protections implement the data integrity service defined in the OSI Security Architecture [4].

Biba [5] has defined a data integrity model which includes security labels. The Biba model specifies rule-based controls for writing and deleting necessary to preserve data integrity. The model also specifies rule-based controls for reading to prevent a high integrity process from relying on data that has less integrity than the process.
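
The Biba rules described above can be expressed as a label comparison. The following is an added example, not part of RFC 1457: it assumes the strict-integrity form of the model, with labels made of a hierarchical level plus a category set, and every level name, category, subject and object in it is constructed for illustration.

```python
from dataclasses import dataclass

# Constructed integrity hierarchy (assumption, not taken from RFC 1457).
LEVELS = {"untrusted": 0, "user": 1, "system": 2}

@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = frozenset()

    def dominates(self, other):
        # Higher-or-equal level AND a superset of the other's categories.
        # Labels with unrelated categories are incomparable: neither dominates.
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)

def permitted(subject, obj, op):
    """Strict-integrity decision for one request between two labels."""
    if op in ("write", "delete"):
        # Modification: the subject must be at least as trustworthy as the data.
        return subject.dominates(obj)
    if op == "read":
        # Reading: the data must be at least as trustworthy as the subject,
        # so a high-integrity process never relies on lower-integrity input.
        return obj.dominates(subject)
    raise ValueError(f"unknown operation: {op}")

def audit(requests):
    """Return (subject, object, op) name triples that the rules deny."""
    return [(s, o, op) for (s, s_lbl), (o, o_lbl), op in requests
            if not permitted(s_lbl, o_lbl, op)]

# Constructed subjects and objects as (name, label) pairs.
INSTALLER = ("installer", Label("system", frozenset({"os"})))
BROWSER = ("browser", Label("untrusted"))
KERNEL_IMAGE = ("kernel_image", Label("system", frozenset({"os"})))
DOWNLOAD = ("download", Label("untrusted"))
PAYROLL = ("payroll", Label("user", frozenset({"hr"})))

SAMPLE = [
    (INSTALLER, KERNEL_IMAGE, "write"),  # equal labels: allowed
    (BROWSER, KERNEL_IMAGE, "write"),    # write up: denied
    (INSTALLER, DOWNLOAD, "read"),       # read down: denied
    (BROWSER, KERNEL_IMAGE, "read"),     # read up: allowed
    (INSTALLER, PAYROLL, "delete"),      # incomparable categories: denied
]

if __name__ == "__main__":
    for denied in audit(SAMPLE):
        print("DENY", *denied)
```

The last sample request shows the case a plain level comparison misses: the installer has the higher level, but its category set does not cover the object's, so the delete is refused.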

The definition of data security also includes protection from disclosure. In computer systems, this is protection from reading. This protection is the data confidentiality service...
