Optimal Constructions for Chain-based Cryptographic Enforcement of Information Flow Policies. / Crampton, Jason; Farley, Naomi; Gutin, Gregory; Jones, Mark.

29th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy: DBSec 2015. Springer-Verlag, 2015.

Research output: Chapter in Book/Report/Conference proceedingChapter



  • AcceptanceLetter

    Submitted manuscript, 13.1 KB, PDF document

  • dbsec

    Submitted manuscript, 196 KB, PDF document


The simple security property in an information flow policy can be enforced by encrypting data objects and distributing an appropriate secret to each user.
A user derives a suitable decryption key from the secret and publicly available information.
A chain-based enforcement scheme provides an alternative method of cryptographic enforcement that does not require any public information, the trade-off being that a user may require more than one secret.
For a given information flow policy, there will be many different possible chain-based enforcement schemes.
In this paper, we provide a polynomial-time algorithm for selecting a chain-based scheme which uses the minimum possible number of secrets.
We also compute the number of secrets that will be required and establish an upper bound on the number of secrets required by any user.
Original languageEnglish
Title of host publication29th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy
Subtitle of host publicationDBSec 2015
Publication statusAccepted/In press - 2015
This open access research output is licenced under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License.

ID: 24676417