Key management in tree shaped hierarchies

We refer to an access control system based on subjects and objects. Subjects are active entities, e.g. processes, while objects are passive entities, e.g. messages exchanged between the nodes of a distributed computing environment. The system is partitioned into security classes organized into a tre...

Full description

Saved in:
Bibliographic Details
Published inInformation security journal. Vol. 27; no. 4; pp. 205 - 213
Main Author Lopriore, Lanfranco
Format Journal Article
LanguageEnglish
Published Abingdon Taylor & Francis 04.07.2018
Taylor & Francis Ltd
Subjects
Access control
Computer networks
cryptographic key
Cybersecurity
Distributed processing
Hierarchies
hierarchy
Object oriented programming
one-way function
protection
Online AccessGet full text

Cover

More Information
Summary:We refer to an access control system based on subjects and objects. Subjects are active entities, e.g. processes, while objects are passive entities, e.g. messages exchanged between the nodes of a distributed computing environment. The system is partitioned into security classes organized into a tree shaped hierarchy. A subject assigned to a given class can access the objects in this class and in all the classes that descend from this class in the class hierarchy. To this aim, a key is associated with each class. A mechanism of the protection system, called key derivation, allows a subject that holds the key of a given class to transform this key into the keys of the descendant classes. This mechanism is based on a single, publicly known one-way function. If the class hierarchy is modified, by adding a new class or deleting an existing class, the necessary form of key redistribution is partial, and is limited to the classes in the subtree of the root that is involved in the change.
Bibliography:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ISSN:1939-3555
1939-3547
DOI:10.1080/19393555.2018.1516835