The simplest way for computer users to secure files is to encrypt them using tools like crypt or PGP. Though this method is simple, it requires that users be familiar with the use of such tools. Another problem with this approach is that users might forget to re-encrypt or delete clear-text copies of the files, defeating the very purpose of using encryption in the first place. A more elegant solution is to use "Secure Filesystems". Secure Filesystems abstract away encryption and decryption into the filesystem. Applications and users do not need to be aware of what happens behind the scenes. However, most approaches to secure filesystems require that users trust the 'System Administrator'. Also, most current approaches to secure filesystems do not offer an intuitive file sharing mechanism. Though the UNIX group mechanism offers file sharing capabilities, it does so only at a very coarse granularity. Moreover, setting up new sharing semantics require intervention of the System Administrator.
Cryptographic Sealing described in "Cryptographic Sealing for Information Secrecy and Authentication" by David K. Gifford, offers and interesting approach to securing filesystems. I will implement Crytpographic Sealing as a Linux kernel module. I will then use the module to implement a secure filesystem for Linux.