Enforcing Non-Hierarchical Access Control Policy Without Public Key Cryptography

Publication Date

11-2005

Type of Culminating Activity

Thesis

Degree Title

Master of Science in Computer Science

Department

Computer Science

Supervisory Committee Chair

Jyh-haw Yeh

Abstract

Enforcing access control in an organization has been an important research area in computer security for many years. Generally, an organization has a hierarchical structure. The system resources and information are classified into different classes with different security clearances. A hierarchical access control policy allows higher security classes to access lower security classes, but not the opposite. Over the last twenty years, many solutions have been proposed, which are mainly based on generating cryptographic keys for each security class such that the key for a lower-level security class can be derived from the key for a security class that is higher in the hierarchy. Besides strictly hierarchical organizations, there exist other types of organizations that require more flexible access control policies, namely hierarchies with exceptions, or non-hierarchical organizations. Recently, several schemes have been proposed to solve the access control problem for non-hierarchical organizations, but they all use costly public-key-like operations. This thesis proposes an efficient key assignment scheme that enforces not only hierarchical policies but also non-hierarchical policies with transitive and anti-symmetric exceptions. Theoretical analysis shows the new scheme is correct and secure against several common malicious attacks. The new scheme is also implemented along with two other existing schemes for comparison. Contributions of this thesis also include the development of dynamic-operation procedures for the two existing schemes. Experiments on key assignment, key derivation, and dynamic operations are performed. The experimental results show that the new scheme is not only more efficient, but also has fewer keys affected than the existing ones when performing dynamic operations.

This document is currently not available here.
