Key Management in Hierarchical Access Control Systems
Tech report number
CERIAS TR 2007-79
In a hierarchical access control system, users are partitioned into a number of classes -- called security classes -- which are organized in a hierarchy. Hierarchies arise in systems where some users have higher privileges than others and a security class inherits the privileges of its descendant classes. The problem of key assignment in such systems is how to assign cryptographic keys to users and resources to properly enforce access rights. Its crucial goal is efficiency: the number of keys a user obtains, computation a user performs, and amount of resources the server is required to maintain should be minimized. In this work, we present a fully-dynamic and very efficient solution to the key assignment problem that is also provably secure for a strong notion of security. We then show how the model can be extended to time-based policies where users obtain access rights only for a specific duration of time, and subsequently present our time-based key assignment solution. Finally, we explain how similar techniques can be used to efficiently enforce access control policies in geo-spatial systems and describe our construction for such systems as well.
2007 – 08