RFC 1457 (rfc1457) - Page 2 of 14


Security Label Framework for the Internet



Alternative Format: Original Text Document



RFC 1457       Security Label Framework for the Internet        May 1993


   performed on data such as collecting, processing, transferring,
   storing, retrieving, sorting, transmitting, disseminating, and
   controlling [3].

   The definition of data security includes protection from modification
   and destruction.  In computer systems, this is protection from
   writing and deleting.  These protections implement the data integrity
   service defined in the OSI Security Architecture [4].

   Biba [5] has defined a data integrity model which includes security
   labels.  The Biba model specifies rule-based controls for writing and
   deleting necessary to preserve data integrity.  The model also
   specifies rule-based controls for reading to prevent a high integrity
   process from relying on data that has less integrity than the
   process.

   The definition of data security also includes protection from
   disclosure.  In computer systems, this is protection from reading.
   This protection is the data confidentiality service defined in the
   OSI Security Architecture [4].

   Bell and LaPadula [6] defined a data confidentiality model which
   includes security labels.  The Bell and LaPadula model specifies
   rule-based controls for reading necessary to preserve data
   confidentiality.  The model also specifies rule-based controls for
   writing to ensure that data is not copied to a container where
   confidentiality can not be guaranteed.

   In both the Biba model and the Bell and LaPadula model, the security
   label is an attribute of the data.  In general, the security label
   associated with the data remains constant.  Exceptions will be
   discussed later in the memo, but relabeling is always the result of
   some network entity handling the data.  Since the security label is
   an attribute of data, it should be bound to the data.  When data
   moves through the network, the integrity security service [4] is
   generally used to accomplish this binding.  If the communications
   environment does not include a protocol which provides the integrity
   security service to bind the security label to the data, then the
   communications environment should include other mechanisms to
   preserve this binding.

2.1  Integrity Labels

   Integrity labels are security labels which support data integrity
   models, like the Biba model.  The integrity label tells the degree of
   confidence that may be placed in the data and also indicates which
   measures the data requires for protection from modification and
   destruction.



Housley