Cryptographic pointers for fine-grained file access security
Lanfranco Lopriore
First author
2022-01-01
Abstract
We present a paradigm for fine-grained access security in a protection environment featuring files and records. Files are allocated at increasing addresses in a virtual space whose size is extremely large, so that virtual space reuse is never necessary. A record is a portion of a file. A subject certifies possession of an access privilege for a given object, file or record, by presenting a cryptographic pointer (c-pointer) referencing that object. The c-pointer includes a key, and the composition of the access privilege expressed in terms of the two access rights, to read and to write. The c-pointer is valid if the key descends from a master key indicated in the c-pointer, by application of a universally-known, symmetric algorithm. Records can be encrypted, and the key is specific to the given record. A set of security primitives forms the user interface of the security system. The resulting environment is evaluated from a number of viewpoints that include key proliferation, weakening and revocation, selective encryption, file directories, and robustness against security attacks aimed at c-pointer forging.