

Security Label Framework for the Internet






Network Working Group                                         R. Housley
Request for Comments: 1457             Xerox Special Information Systems
                                                                May 1993


               Security Label Framework for the Internet

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard.  Distribution of this memo is
   unlimited.

Acknowledgements

   The members of the Privacy and Security Research Group and the
   attendees of the invitational Security Labels Workshop (hosted by the
   National Institute of Standards and Technology) helped me organize my
   thoughts on this subject.  The ideas of these professionals are
   scattered throughout the memo.

1.0  Introduction

   This memo presents a security labeling framework for the Internet.
   The framework is intended to help protocol designers determine what,
   if any, security labeling should be supported by their protocols.
   The framework should also help network architects determine whether
   or not a particular collection of protocols fulfills their security
   labeling requirements.  The Open Systems Interconnection Reference
   Model [1] provides the structure for the presentation; therefore, OSI
   protocol designers may also find this memo useful.

2.0  Security Labels

   Data security is the set of measures taken to protect data from
   accidental, unauthorized, intentional, or malicious modification,
   destruction, or disclosure.  Data security is also the condition that
   results from the establishment and maintenance of protective measures
   [2].  Given this two-pronged definition for data security, this memo
   examines security labeling as one mechanism which provides data
   security.  In general, security labeling by itself does not provide
   sufficient data security; it must be complemented by other security
   mechanisms.

   In data communication protocols, security labels tell the protocol
   processing how to handle the data transferred between two systems.
   That is, the security label indicates what measures need to be taken
   to preserve the condition of security.  Handling means the activities



Housley