[redhat-lspp] [PATCH] lsm-secpeer for IPSec labels

[Stephen Smalley]

On Fri, 2005-09-16 at 13:49 -0400, Roe, William H. wrote:
> It is very likely that the current IPSEC networking scheme may NOT be
> accreditable above DCID 6/3 PL3.  The issue is confirmation of the
> origin of the system connecting.  It has to be differentiated at the
> packet level othewise you limit the extensibility of the network to only
> those known to be at the same classification level, though you may allow
> different compartments via encryption segregation.  
> 
> DCID 6/3 Label1 and Label2 REQUIRE the explicit electronic labeling of
> media.  Label1 and Label2 are required for deployment of PL4 systems.
> Implict or inference labeling are only allowed at PL3 and below.  That
> bascially means that everyone on the network HAS to have the SAME
> security clearance, but do not have to have the same need to know which
> is a PL3 not PL4 network.

With the IPSEC-based labeling, each packet still has a SPI that
references a SA that contains the actual security label.  Hence, each
packet is "labeled", just not in a form that is directly interpretable
by an intermediate network component without further information.  This
can actually be an advantage, as the "labels" i.e. the SPIs do not give
away meaningful information to any arbitrary reader of the network
traffic.  Does that address your concern?

Disclaimer:  I'm not a certifier/accreditor.

-- 
Stephen Smalley
National Security Agency