A secure broadcast model is investigated, in which a source node broadcasts N confidential 
messages to N nodes, with each message intended to be decoded accurately by one node and 
to be kept secret from all of other nodes (who are thus considered to be eavesdroppers 
with regard to all other messages but their own). The source maintains a queue for each 
message if it is not served immediately. The channel from the source to the N nodes is 
modeled as a fading broadcast channel, and channel state information is assumed to be 
known to all nodes. Two eavesdropping models are considered. For a collaborative model 
in which the eavesdroppers exchanging their outputs, the secrecy capacity region is 
obtained, within which each rate vector is achieved by using time division and source 
power allocation  among channel states. A throughput optimal queue length based scheduling 
algorithm is further derived under secrecy constraints, where the queue length vector 
determines the power allocation at the source, and hence determines the secrecy rate 
allocation among users. For a non-collaborative model, in which eavesdroppers do not 
exchange their outputs, time division provides only a secrecy rate region, and the 
queue-length-based scheduling algorithm corresponding to this rate region is suboptimal.