Key assignment for enforcing access control policy exceptions in distributed systems

Jyh Haw Yeh, Randy Chow, Richard Newman

Research output: Contribution to journal, Article, peer-review

14 Scopus citations

Abstract

A cryptographic key assignment scheme is proposed to enforce access control policies in which antisymmetric and transitive exceptions are included, in addition to the policies with partial ordered set (POSet) properties. In current literature, all proposed cryptographic key assignment schemes assume a user hierarchy model which can only enforce policies with POSet properties. The POSet properties are suitable for hierarchical systems. However, there are many systems, especially distributed systems handling indirect remote accesses, that cannot be modeled as a strict hierarchy. A new access control model named user hierarchy-with-exception and its enforcing key assignment scheme are proposed for those systems. There is only one key assigned to each user class in enforcing the user hierarchy model. The cost to achieve our more powerful scheme in the user hierarchy-with-exception model is one more key for each user class to memorize or one more step to access its own data. Published by Elsevier Science Inc.

Original language: English
Pages (from-to): 63-88
Number of pages: 26
Journal: Information Sciences
Volume: 152
Issue number: SUPPL
State: Published - Jun 2003

Keywords

  • Access control policy
  • Hierarchical with exceptions
  • Key assignment
  • Key derivation
