Optimal Constructions for Chain-based Cryptographic Enforcement of Information Flow Policies
This work addresses the efficiency of cryptographic enforcement for information flow policies, which is incremental as it optimizes an existing method.
The paper tackles the problem of selecting an optimal chain-based cryptographic enforcement scheme for information flow policies, resulting in a polynomial-time algorithm that minimizes the number of keys required and establishes bounds on secret usage.
The simple security property in an information flow policy can be enforced by encrypting data objects and distributing an appropriate secret to each user. A user derives a suitable decryption key from the secret and publicly available information. A chain-based enforcement scheme provides an alternative method of cryptographic enforcement that does not require any public information, the trade-off being that a user may require more than one secret. For a given information flow policy, there will be many different possible chain-based enforcement schemes. In this paper, we provide a polynomial-time algorithm for selecting a chain-based scheme which uses the minimum possible number of keys. We also compute the number of secrets that will be required and establish an upper bound on the number of secrets required by any user.