Specifications for managing labels on sockets

George W. Dinolt gdinolt at pacbell.net
Sat Dec 15 02:31:17 GMT 2001


Robert:

As you mentioned, there are the TSIX labels now "taken over" by Sun. Sun
calls them "tsol" labels. They are partially defined by a "label
encodings" file whose format was originally specified by Mitre as part
of the "Compartmented Mode Workstation" (CMW) development (198?). Those
labels are normally added at the "session" level. For networking, they
are represented as a new option in both TCP and UDP protocols. (Many
complications omitted.) They are also normally kept for all subjects and
objects in some internal format. The encodings file is used to define
the organization of the labels and how they should appear to users. 

Sun uses the tsol labels to define more than just the label hierarchy.
The tsol labels include process and user privileges and other security
related information. 

How labels should appear to users (or even whether) is, as you probably
know, a hard problem and needs a bit of thought.

The folk at SGI also have a labeling scheme for their Trusted Irix
product. They add a BIBA Integrity label as well. They organize their
compartments differently than Sun. 

Oracle has its own labelled security scheme which you can find out about
on their web site. I think their labelled security architecture is
broken, but that is just my opinion. 

IBM uses labels for some versions of its mainframe operating systems
(PRSM and Z OS) and is developing other products (for mainframes) that
will take advantage of that labeling.

The one scheme that has a FIPS standard is CIPSO labels. Sun and others
use CIPSO labels both internally and with IP. CIPSO labels can appear as
an option on IP headers. The CIPSO labels are defined in NIST
publication FIPS 188. I think that IBM may also be using (or plan to use)
CIPSO labels of the same format that Sun uses.

My understanding is that the use of CIPSO is also included as part of
the IPSEC specification. I don't know whether any implementations
actually are CIPSO capable. 

Most of the security companies that have used some form of MAC labels
are descendants of the CMW world and may (should?) pay lip service to
the MITRE work and approaches.

My suggestion is that you use label encodings files for label
definitions and CIPSO markings for transportation. I am not sure
whether or how one should communicate session level privileges,
capabilities, etc. That information is probably operating system
dependent so anything you do would probably be okay.

Internal representation of labels is very much operating system
dependent. The real issue is to find an internal representation that
permits a sufficiently fast comparison of labels. Most of the vendor
work in this area is very proprietary.

Maybe this helps.
-- 
George Dinolt
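
An added example, not part of the original message and not any vendor's or project's code: one internal label representation that compares quickly, assuming a label is a hierarchical level plus a fixed-width compartment bitmap. The names `mac_label`, `label_set_comp`, `label_compare`, `may_read` and the 256-compartment width are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed layout (not from the message): level + 256-bit compartment set. */
#define LABEL_WORDS 4

struct mac_label {
    uint16_t level;               /* hierarchical classification */
    uint64_t comps[LABEL_WORDS];  /* one bit per compartment */
};

enum label_rel { LABEL_EQUAL, LABEL_DOMINATES, LABEL_DOMINATED, LABEL_INCOMPARABLE };

/* Set compartment bit n; out-of-range compartment numbers are rejected. */
int label_set_comp(struct mac_label *l, unsigned n)
{
    if (n >= LABEL_WORDS * 64)
        return -1;
    l->comps[n / 64] |= (uint64_t)1 << (n % 64);
    return 0;
}

/* Classify a against b in a single pass over the bitmap words. */
enum label_rel label_compare(const struct mac_label *a, const struct mac_label *b)
{
    int a_ge = a->level >= b->level;  /* a may still dominate b */
    int b_ge = b->level >= a->level;  /* b may still dominate a */
    for (int i = 0; i < LABEL_WORDS; i++) {
        if (b->comps[i] & ~a->comps[i]) a_ge = 0;  /* b holds a compartment a lacks */
        if (a->comps[i] & ~b->comps[i]) b_ge = 0;  /* a holds a compartment b lacks */
    }
    if (a_ge && b_ge) return LABEL_EQUAL;
    if (a_ge) return LABEL_DOMINATES;
    if (b_ge) return LABEL_DOMINATED;
    return LABEL_INCOMPARABLE;
}

/* "No read up": the subject label must dominate (or equal) the object label. */
int may_read(const struct mac_label *subj, const struct mac_label *obj)
{
    enum label_rel r = label_compare(subj, obj);
    return r == LABEL_EQUAL || r == LABEL_DOMINATES;
}

int main(void)
{
    struct mac_label subj = { .level = 2 }, obj = { .level = 1 };  /* constructed samples */
    label_set_comp(&subj, 3); label_set_comp(&subj, 200); label_set_comp(&obj, 200);
    printf("subject may read object: %d\n", may_read(&subj, &obj));
    return 0;
}
```

Incomparable labels (neither dominates the other) are the case a plain integer comparison cannot express, which is why the result is a four-way relation rather than a sign.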
