The Group-centric Secure Information Sharing (g-SIS) family of models has been proposed for modeling environments in which group dynamics dictate information-sharing policies and practices. This is in contrast to traditional, dissemination-centric sharing models, which focus on attaching policies to resources that limit their flow from producer to consumer. The creators of g-SIS speculate that it may not be strictly more expressive than dissemination-centric models, but that it nevertheless has pragmatic efficiency advantages in group-centric scenarios [12]. In this paper, we formally and systematically test these characteristics of an access control system’s suitability for a scenario—expressiveness and cost— to evaluate the capabilities of dissemination-centric systems within group-centric workloads. We show that several common dissemination-centric systems lack the expressiveness to meet all security guarantees while implementing the wide range of behavior that is characteri...
William C. Garrison III, Yechen Qiao, Adam J. Lee