H. Rowe and J. Crampton
A key assignment scheme is a model for enforcing an information flow policy using cryptographic techniques. Such schemes have been widely studied in recent years. Each security label is associated with a symmetric encryption key: data objects are encrypted and authorised users are supplied with the appropriate key(s). However, updates to encryption keys pose a significant problem, as the new keys have to be issued to all authorised users. In this paper, we propose three generic approaches to key assignment schemes that remove the problem of key redistribution following key updates. We analyse the overheads incurred by these approaches and conclude that these overheads are negligible in practical applications.
In Proceedings of the Fourth International Workshop on Mathematical Methods, Models, and Architectures for Computer Network Security