The IRMA Community
Newsletters
Research IRM
Click a keyword to search titles using our InfoSci-OnDemand powered search:
|
A Policy Translation Algorithm - Enabling any Hierarchical Key Assignment Scheme to Enforce Non-Hierarchcal Access Policies
Abstract
An access control policy of an organization specifies the access rules among subjects and objects. Depending on security clearance or data sensitivity, subjects and objects are divided into classes. The organization is hierarchical if classes are a partial ordered set (POset) on the access relation. Akl and Taylor first proposed a key assignment scheme to enforce access control in a hierarchy by assigning derivable keys to different classes. In the literature, most papers in the field focused on inventing different key assignment strategies to enforce such hierarchical policies. However, in practice, more complex policies may be necessary for real systems where transitive and antisymmetric exceptions are involved. This paper presents an algorithm which is capable of translating any policy from a hierarchy-with-exception to a hierarchy so that all existing hierarchical key assignment schemes can be used to enforce this richer set of policies.
|
|