On some cryptographic solutions for access control in a tree hierarchy

We consider the access control problem in a system where users and information items are classified into security classes organized as a rooted tree, with the most privileged security class at the root. In practice we expect such a tree to be quite broad and shallow. It is also inevitable that new security classes will need to be added as the needs of the organization evolve. We compare some cryptographic techniques that have been proposed in the literature for solving this problem.
