A Framework for Scalable Multicast Security with Bell-LaPadula Confidentiality Model

Mohamed Eltoweissy, Ph.D.
Interim Director, Commonwealth Information Security Center
Computer Science Department, James Madison University

Abstract

Multicast communications allow members of a group to exchange data efficiently. Normally, this exchange occurs between all group participants. However, there are applications that may require smaller subgroups to communicate without sharing information with all group members. Such a requirement can be captured within an information flow policy. We propose a framework for the creation and management of subgroups within a larger multicast group to enforce information flow policies according to the Bell-LaPadula Confidentiality Model. Our framework utilizes hierarchical key management trees to provide the necessary keying infrastructure. We also integrate the concepts of distributed key management with key translators to provide a more scalable solution for large, dynamic multicast groups. Our framework supports both one-to-many and many-to-many multicast groups. In addition, it supports inter-domain multicast groups and limits the effects of group membership changes to the domain(s) with affected members. Finally, our framework can be extended to support other security requirements within a subgroup such as the creation of multiple multicast security associations.

------------------------------------------------------------

Mohamed Eltoweissy is the Interim Director and Research Coordinator of the Commonwealth Information Security Center at James Madison University. He is an associate professor of Computer Science at JMU. His research interests include information security, computer networks, computer-supported cooperative work, and distributed systems. He has an aggressive funding record (over $10M) and has published numerous papers in books, journals, and refereed conference proceedings.
As an educator, Eltoweissy has developed and taught graduate and undergraduate courses in networking, network security, network management systems, network design and analysis, operating systems, etc. In addition, Eltoweissy has served as a consultant to several companies including Lucent, AT&T, Carrier One, LOMAC, and several US agencies including NASA, NRL, NAVSEA and GRI. Eltoweissy received his PhD in Computer Science from Old Dominion University in 1993 and his MS and BS in Computer Science from Alexandria University, Egypt, in 1989 and 1986 respectively.