Cryptographic pointers for fine-grained file access security

• Published in: Information security journal. Vol. 31; no. 3; pp. 359 - 375
• Main Author: Lopriore, Lanfranco
• Format: Journal Article
• Language: English
• Published: Abingdon Taylor & Francis 04.05.2022; Taylor & Francis Ltd
• Subjects: Access control; Algorithms; cryptographic key; Cryptography; Encryption; file; Forging; record; security; Security systems
• ISSN: 1939-3555; 1939-3547
• DOI: 10.1080/19393555.2022.2033365

We present a paradigm for fine-grained access security in a protection environment featuring files and records. Files are allocated at increasing addresses in a virtual space whose size is extremely large, so that virtual space reuse is never necessary. A record is a portion of a file. A subject certifies possession of an access privilege for a given object, file, or record, by presenting a cryptographic pointer (c-pointer) referencing that object. The c-pointer includes a key, and the composition of the access privilege expressed in terms of the two access rights, to read and to write. The c-pointer is valid if the key descends from a master key indicated in the c-pointer, by application of a universally known, symmetric algorithm. Records can be encrypted, and the key is specific to the given record. A set of security primitives forms the user interface of the security system. The resulting environment is evaluated from a number of viewpoints that include key proliferation, weakening and revocation, selective encryption, file directories, and robustness against security attacks aimed at c-pointer forging.