A Framework for Scalable Multicast Security with Bell-LaPadula Confidentiality Model
by Prof. Mohamed Eltoweissy
 

Multicast communications allow members of a group to efficiently exchange data. Normally, this exchange occurs between all group participants. However, there are applications that may require smaller subgroups to communicate without sharing information with all group members. Such a requirement can be captured within an information flow policy. We propose a framework for the creation and management of subgroups within a larger multicast group to enforce information flow policies according to the Bell-LaPadula Confidentiality Model. Our framework utilizes hierarchical key management trees to provide the necessary keying infrastructure. We also integrate the concepts of distributed key management with key translators to provide a more scalable solution for large, dynamic multicast groups. Our framework supports both one-to-many and many-to-many multicast groups. In addition, it supports inter-domain multicast groups and limits the effects of group membership changes to the domain(s) with affected members. Finally, our framework can be extended to support other security requirements within a subgroup, such as the creation of multiple multicast security associations.