IRMA-International.org: Creator of Knowledge
Information Resources Management Association
Advancing the Concepts & Practices of Information Resources Management in Modern Organizations

A Policy Translation Algorithm - Enabling any Hierarchical Key Assignment Scheme to Enforce Non-Hierarchcal Access Policies

A Policy Translation Algorithm - Enabling any Hierarchical Key Assignment Scheme to Enforce Non-Hierarchcal Access Policies
View Free PDF
Author(s): Jyh-haw Yeh (Boise State University, USA)
Copyright: 2004
Pages: 4
Source title: Innovations Through Information Technology
Source Editor(s): Mehdi Khosrow-Pour, D.B.A. (Information Resources Management Association, USA)
DOI: 10.4018/978-1-59140-261-9.ch045
ISBN13: 9781616921255
EISBN13: 9781466665347

Abstract

An access control policy of an organization specifies the access rules among subjects and objects. Depending on security clearance or data sensitivity, subjects and objects are divided into classes. The organization is hierarchical if classes are a partial ordered set (POset) on the access relation. Akl and Taylor first proposed a key assignment scheme to enforce access control in a hierarchy by assigning derivable keys to different classes. In the literature, most papers in the field focused on inventing different key assignment strategies to enforce such hierarchical policies. However, in practice, more complex policies may be necessary for real systems where transitive and antisymmetric exceptions are involved. This paper presents an algorithm which is capable of translating any policy from a hierarchy-with-exception to a hierarchy so that all existing hierarchical key assignment schemes can be used to enforce this richer set of policies.

Body Bottom