A Hybrid Enforcement Model for Group-centric Secure Information Sharing

Group-Centric Secure Information Sharing (g-SIS) is motivated by the need to dynamically share information amongst a set of authorized users for a specific purpose. Authorized group users may read and contribute new objects to the group. An important usability objective in g-SIS is to allow users to access group objects offline without having to contact a server every time an access is requested. Thus a fundamental requirement for g-SIS is that protection needs to extend to clients. Henceforth we assume that a Trusted Reference Monitor (TRM) is present on the client platforms that can enforce the group policies in a trustworthy manner. In this paper, we discuss three different approaches for realizing a scalable and high-assurance g-SIS. In a Micro-Distribution (MD) architecture, objects are individually encrypted for each group user. Thus the server shares a unique key with each user. In a Super-Distribution (SD) architecture, a single key is shared amongst all group users and thus group objects are uniformly encrypted. SD promotes ``protect once, access when authorized´´. We discuss the pros and cons of both MD and SD architecture and proposea novel split-key RSA based hybrid architecture. As we will see, this architecture incorporates the high-assurance aspect from MD and the usability and scalability advantages from SD approach respectively.