Abstract

Several organizations generate and store a wide range of information in what is commonly referred to as data stores. To access the information within these data stores, two main architectures are widely adopted. The first architecture gives access to information through a trusted server that enforces established confidentiality policies. The second one allows the information to be public but in its encrypted form. Then, through a scheme for the distribution of cryptographic keys, each user is provided with the keys needed to decrypt only the part of the information she is authorized to access. This paper relates to the latter architecture. We introduce an algebraic framework that takes into consideration a new perspective in tackling the key-distribution problem. We use the proposed framework to analyze key-distribution schemes that are representative of the ones found in the literature. The framework enables the specification and the verification of key-distribution policies. We also point to several other applications related to measures ensuring information confidentiality.

  • Publication date: 2011
