Mar 27, 2007: Key Management in Hierarchical Access Control Systems

Marina Blanton, Purdue University

Abstract


In a hierarchical access control system, users are divided into a number of disjoint classes, called security classes, which are organized in a hierarchy. Such a hierarchy arises in systems where some users have higher privileges than others. For example, a project manager will have the access rights of both a code developer and a technical writer. Thus, it is assumed that a security class will inherit the access privileges of its descendant classes. The problem of key assignment in such systems is then how to assign cryptographic keys to users and resources to properly enforce access rights. Its main goal is efficiency: the number of keys a user obtains, the computation a user performs, and the amount of information the server stores should all be minimized.

In this talk, we present a fully-dynamic and very efficient solution to the key assignment problem that is also provably secure for a strong notion of security. We then show how the model can be extended to time-based policies where users obtain access rights only for a specific duration of time, and subsequently present our time-based key assignment scheme. Finally, we explain how similar techniques can be used to efficiently enforce access control policies in geo-spatial systems.

Bio


Marina Blanton is a Ph.D. candidate in the Department of Computer Science at Purdue University. She received her MS in CS from Purdue University in 2004 and MS in EECS from Ohio University in 2002. Marina's research interests lie in information security and, in particular, her work focuses on anonymity in access control systems, key management and authentication, privacy-preserving computation, and applied cryptography. Marina has nearly 20 research publications and has been actively involved in professional service.