RFC 1457 (rfc1457) - Page 2 of 14
Security Label Framework for the Internet
RFC 1457 Security Label Framework for the Internet May 1993
performed on data such as collecting, processing, transferring,
storing, retrieving, sorting, transmitting, disseminating, and
controlling [3].

The definition of data security includes protection from modification
and destruction. In computer systems, this is protection from
writing and deleting. These protections implement the data integrity
service defined in the OSI Security Architecture [4].

Biba [5] has defined a data integrity model which includes security
labels. The Biba model specifies rule-based controls for writing and
deleting necessary to preserve data integrity. The model also
specifies rule-based controls for reading to prevent a high integrity
process from relying on data that has less integrity than the
process.

The definition of data security also includes protection from
disclosure. In computer systems, this is protection from reading.
This protection is the data confidentiality service defined in the
OSI Security Architecture [4].

Bell and LaPadula [6] defined a data confidentiality model which
includes security labels. The Bell and LaPadula model specifies
rule-based controls for reading necessary to preserve data
confidentiality. The model also specifies rule-based controls for
writing to ensure that data is not copied to a container where
confidentiality can not be guaranteed.

In both the Biba model and the Bell and LaPadula model, the security
label is an attribute of the data. In general, the security label
associated with the data remains constant. Exceptions will be
discussed later in the memo, but relabeling is always the result of
some network entity handling the data. Since the security label is
an attribute of data, it should be bound to the data. When data
moves through the network, the integrity security service [4] is
generally used to accomplish this binding. If the communications
environment does not include a protocol which provides the integrity
security service to bind the security label to the data, then the
communications environment should include other mechanisms to
preserve this binding.

2.1 Integrity Labels

Integrity labels are security labels which support data integrity
models, like the Biba model. The integrity label tells the degree of
confidence that may be placed in the data and also indicates which
measures the data requires for protection from modification and
destruction.
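
The read and write rules of the two models described above, together with a label bound to its data by a keyed integrity check, as an added example that is not part of the RFC text. The level names, the Label class, the function names and the choice of HMAC-SHA-256 as the binding mechanism are assumptions; levels are a simple linear order with no categories.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed level names and orderings (assumptions, not from the RFC).
CONF = {"unclassified": 0, "confidential": 1, "secret": 2}
INTEG = {"low": 0, "medium": 1, "high": 2}

@dataclass(frozen=True)
class Label:
    conf: str   # confidentiality level (Bell and LaPadula)
    integ: str  # integrity level (Biba)

def may_read(subject: Label, obj: Label) -> bool:
    # Bell and LaPadula: no read up (protects against disclosure).
    # Biba: no read down (do not rely on data of lower integrity).
    return (CONF[subject.conf] >= CONF[obj.conf]
            and INTEG[subject.integ] <= INTEG[obj.integ])

def may_write(subject: Label, obj: Label) -> bool:
    # Bell and LaPadula: no write down (no copy into a weaker container).
    # Biba: no write up (lower integrity must not modify higher).
    return (CONF[subject.conf] <= CONF[obj.conf]
            and INTEG[subject.integ] >= INTEG[obj.integ])

def _encode(label: Label, data: bytes) -> bytes:
    # Length-prefix each label field so field boundaries are unambiguous.
    parts = [label.conf.encode(), label.integ.encode()]
    return b"".join(len(p).to_bytes(2, "big") + p for p in parts) + data

def bind(key: bytes, label: Label, data: bytes) -> bytes:
    """MAC over label and data together, so neither can be swapped alone."""
    return hmac.new(key, _encode(label, data), hashlib.sha256).digest()

def verify(key: bytes, label: Label, data: bytes, tag: bytes) -> bool:
    # Constant-time comparison of the recomputed tag with the received one.
    return hmac.compare_digest(bind(key, label, data), tag)

if __name__ == "__main__":
    key = bytes(32)  # constructed demo key, all zero bytes
    obj = Label("secret", "high")
    tag = bind(key, obj, b"report")
    proc = Label("secret", "medium")
    print(may_read(proc, obj), may_write(proc, obj))
    print(verify(key, obj, b"report", tag))
    print(verify(key, Label("unclassified", "high"), b"report", tag))
```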
Housley