Cryptographic solution to a problem of access control in a hierarchy

Assume that the users of a computer (or communication) system are divided into a number of disjoint sets, $U_1, U_2, \ldots, U_n$. The term security class (or class, for short) is used to designate each of the $U_i$. Assume further that a binary relation $\le$ partially orders the set $S = \{U_1, U_2, \ldots, U_n\}$ of classes. The meaning of $U_i \le U_j$ in the partially ordered set (poset) $(S, \le)$ is that users in $U_i$ have a security clearance lower than or equal to those in $U_j$. Simply put, this means that users in $U_j$ can have access to information held by (or destined to) users in $U_i$, while the opposite is not allowed. Let $x_m$ be a piece of information, or object, that a central authority (CA) desires to store in (or broadcast over) the system. The meaning of the subscript $m$ is that object $x$ is accessible to users in class $U_m$. The partial order on $S$ implies that $x_m$ is also accessible to users in all classes $U_i$ such that $U_m \le U_i$. It is required to design a system which, in addition to satisfying the above conditions, ensures that access to information is as decentralized as possible. This means that authorized users should be able to retrieve $x_m$ independently as soon as it is stored or broadcast by CA.
