The Center for Education and Research in Information Assurance and Security (CERIAS)

Key Management in Hierarchical Access Control Systems




Marina Blanton

Tech report number

CERIAS TR 2007-79




In a hierarchical access control system, users are partitioned into a number of classes -- called security classes -- which are organized in a hierarchy. Hierarchies arise in systems where some users have higher privileges than others and a security class inherits the privileges of its descendant classes. The problem of key assignment in such systems is how to assign cryptographic keys to users and resources to properly enforce access rights. Its crucial goal is efficiency: the number of keys a user obtains, computation a user performs, and amount of resources the server is required to maintain should be minimized. In this work, we present a fully-dynamic and very efficient solution to the key assignment problem that is also provably secure for a strong notion of security. We then show how the model can be extended to time-based policies where users obtain access rights only for a specific duration of time, and subsequently present our time-based key assignment solution. Finally, we explain how similar techniques can be used to efficiently enforce access control policies in geo-spatial systems and describe our construction for such systems as well.




2007 – 08


Purdue University


