0

Consider a scenario with two security levels, Alice and Bob. Bob is Alice's boss. Bob must be able to read Alice's documents but not write anything to her documents.

I am using encryption keys to encrypt all of Alice's data, and then giving Bob the private key/ However I have realised this will not stop him editing it, just giving him the public key would allow him to edit it but not see it.

Basically how would Bob be able to see and not edit Alice's files?

Gilles 'SO- stop being evil'
  • 51,415
  • 13
  • 121
  • 180
test1245
  • 11
  • 2
  • 2
    @Rook No, we don't use a `homework` tag here, [for good reason](http://meta.stackexchange.com/questions/123758/can-we-now-discourage-the-use-of-and-burninate-the-homework-tag). – Gilles 'SO- stop being evil' Dec 08 '12 at 23:20
  • Is this a duplicate of [Are there a standard method(s) for me to give someone else read-only access to my data?](http://security.stackexchange.com/questions/15171/are-there-a-standard-methods-for-me-to-give-someone-else-read-only-access-to-m) – David Cary Dec 09 '12 at 09:15
  • 1
    Why weren't your two questions (how to stop write downs & how to stop read ups) combined into "How to enforce the Bell-LaPadula model?" – Henning Klevjer Dec 09 '12 at 13:32

1 Answers1

1

Alice has the private key and the boss the public. The boss can use the public key to read things Alice makes, but Alice is the only one that can encrypt her stuff with the private key. Even if the boss edits a file he will not be able to save it (re-encrypt it) because he does not hold the private key. Alice can read and write because she holds both the encryption and decryption key.

Lucas Kauffman
  • 54,229
  • 17
  • 113
  • 196
  • thank you so much, how would i go about allowing alice to edit something the boss has done but not read it ? – test1245 Dec 08 '12 at 21:47
  • You can't. You can't have write without read permissions. – Lucas Kauffman Dec 08 '12 at 22:04
  • 1
    not even using any encryption keys to achieve this ? and create a blind - write ? – test1245 Dec 08 '12 at 22:13
  • Do you have any practical use for this? I mean a "blind write" is kind of silly if you don't know where you are writing to. – Lucas Kauffman Dec 08 '12 at 22:38
  • @LucasKauffman there are a few valid scenarios where "blind write" does make very good sense. E.g. messaging, logging, ... – AviD Dec 09 '12 at 11:55
  • @LucasKauffman You can *write up* without reading by `append`. – Henning Klevjer Dec 09 '12 at 15:50
  • Like rsyslog, I get it what you mean now – Lucas Kauffman Dec 09 '12 at 16:42
  • If you write (append) something using the public key to encrypt it, then only the holder of the private key can decrypt it. This could be used to emulate a write-only feature though there would be some storage issues to work out depending on the nature of the encryption used. (For example, if the algorithm was chaining (ie. performing encryption impacts further encryptions in the stream) then you would have to save each append as a "new" encryption and then decrypt all of the different encryptions separately and then concat them. – AJ Henderson Dec 10 '12 at 15:26