Optimal Constructions for Chain-Based Cryptographic Enforcement of Information Flow Policies

• Published in: Data and Applications Security and Privacy XXIX Vol. 9149; pp. 330 - 345
• Main Authors: Crampton, Jason, Farley, Naomi, Gutin, Gregory, Jones, Mark
• Format: Book Chapter
• Language: English
• Published: Switzerland Springer International Publishing AG 2015; Springer International Publishing
• Series: Lecture Notes in Computer Science
• Subjects: Computer security; Cryptographic Primitive; Hasse Diagram; Information architecture; Minimum Cost Flow; Policy Decision Point; Public Information
• ISBN: 3319208098; 9783319208091
• ISSN: 0302-9743; 1611-3349; 1611-3349
• DOI: 10.1007/978-3-319-20810-7_23

The simple security property in an information flow policy can be enforced by encrypting data objects and distributing an appropriate secret to each user. A user derives a suitable decryption key from the secret and publicly available information. A chain-based enforcement scheme provides an alternative method of cryptographic enforcement that does not require any public information, the trade-off being that a user may require more than one secret. For a given information flow policy, there will be many different possible chain-based enforcement schemes. In this paper, we provide a polynomial-time algorithm for selecting a chain-based scheme which uses the minimum possible number of secrets. We also compute the number of secrets that will be required and establish an upper bound on the number of secrets required by any user.