Enforcing Non-Hierarchical Access Control Policy Without Public Key Cryptography
Type of Culminating Activity
Master of Science in Computer Science
Enforcing access control in an organization has been an important research area in computer security for many years. Generally, an organization has a hierarchical structure. The system resources and information are classified into different classes with different security clearances. A hierarchical access control policy allows higher security classes to access lower security classes, but not the opposite. Over the last twenty years, many solutions have been proposed, mainly based on generating cryptographic keys for each security class such that the key for a lower-level security class can be derived from the key for a security class that is higher in the hierarchy. Besides the strict hierarchical organizations, there exist other types of organizations that require more flexible access control policies, namely hierarchy with exceptions, or non-hierarchical organizations. Recently, several schemes have been proposed to solve the access control problem for non-hierarchical organizations, but they all use costly public-key-like operations. This thesis proposes an efficient key assignment scheme that enforces not only hierarchical policies but also non-hierarchical policies with transitive and anti-symmetric exceptions. Theoretical analysis shows the new scheme is correct and secure against several common malicious attacks. The new scheme is also implemented along with two other existing schemes for comparison. Contributions of this thesis also include the development of dynamic-operation procedures for the two existing schemes. Experiments on key assignment, key derivation, and dynamic operations are performed. The experimental results show the new scheme is not only more efficient, but also affects fewer keys than the existing ones when performing dynamic operations.
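The sketch below is an added illustration, not code from the thesis and not the scheme it proposes. It shows the general idea the abstract describes for strictly hierarchical policies: a lower class's key is derived from a higher class's key using only symmetric primitives. The class names, the public per-edge token construction, and the function names are assumptions made for this example.

```python
import hashlib
import hmac
import secrets

# Constructed sample hierarchy: (higher class, lower class) edges of a DAG.
EDGES = [("director", "manager_a"), ("director", "manager_b"),
         ("manager_a", "staff"), ("manager_b", "staff")]

def prf(key: bytes, label: str) -> bytes:
    """Keyed one-way function (HMAC-SHA256); no public key operation."""
    return hmac.new(key, label.encode(), hashlib.sha256).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def assign_keys(edges):
    """Give every class a random secret key and publish one token per edge.

    token(u, v) = key[v] XOR PRF(key[u], v): only a holder of key[u]
    can unmask key[v]; the token alone reveals neither key.
    """
    classes = sorted({c for edge in edges for c in edge})
    keys = {c: secrets.token_bytes(32) for c in classes}
    tokens = {(u, v): xor(keys[v], prf(keys[u], v)) for u, v in edges}
    return keys, tokens

def derive(start, start_key, target, tokens):
    """Follow public tokens downward from `start`; return the target
    class key, or None when the policy gives no path to `target`."""
    stack, seen = [(start, start_key)], {start}
    while stack:
        node, key = stack.pop()
        if node == target:
            return key
        for (u, v), token in tokens.items():
            if u == node and v not in seen:
                seen.add(v)
                stack.append((v, xor(token, prf(key, v))))
    return None

if __name__ == "__main__":
    keys, tokens = assign_keys(EDGES)
    down = derive("director", keys["director"], "staff", tokens)
    print("director derives staff key:", down == keys["staff"])
    print("staff derives director key:",
          derive("staff", keys["staff"], "director", tokens) is not None)
```

Derivation costs one HMAC per edge on the path, and access is decided entirely by which edges have published tokens.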
Ma, Quan, "Enforcing Non-Hierarchical Access Control Policy Without Public Key Cryptography" (2005). Boise State University Theses and Dissertations. 528.