TY - JOUR
T1 - Key assignment for enforcing access control policy exceptions in distributed systems
AU - Yeh, Jyh Haw
AU - Chow, Randy
AU - Newman, Richard
PY - 2003/6
Y1 - 2003/6
N2 - A cryptographic key assignment scheme is proposed to enforce access control policies in which antisymmetric and transitive exceptions are included, in addition to the policies with partial ordered set (POSet) properties. In current literature, all proposed cryptographic key assignment schemes assume a user hierarchy model which can only enforce policies with POSet properties. The POSet properties are suitable for hierarchical systems. However, there are many systems, especially distributed systems handling indirect remote accesses, that cannot be modeled as a strict hierarchy. A new access control model named user hierarchy-with-exception and its enforcing key assignment scheme are proposed for those systems. There is only one key assigned to each user class in enforcing the user hierarchy model. The cost to achieve our more powerful scheme in the user hierarchy-with-exception model is one more key for each user class to memorize or one more step to access its own data. Published by Elsevier Science Inc.
KW - Access control policy
KW - Hierarchical with exceptions
KW - Key assignment
KW - Key derivation
UR - http://www.scopus.com/inward/record.url?scp=0037960156&partnerID=8YFLogxK
U2 - 10.1016/S0020-0255(03)00053-7
DO - 10.1016/S0020-0255(03)00053-7
M3 - Article
AN - SCOPUS:0037960156
SN - 0020-0255
VL - 152
SP - 63
EP - 88
JO - Information Sciences
JF - Information Sciences
IS - SUPPL
ER -