access control scheme for partially ordered set hierarchy with provable security
abstract
in many multi-user information systems, the users are organized as a hierarchy.
each user is a subordinate, superior and/or coordinate of some
others. in such systems, a user has access to the information if and only
if the information belongs to the user or his/her subordinates. hierarchical
access control schemes are designed to enforce such access policy. in the past
years, hierarchical access control schemes based on cryptography are intensively
researched. much progress has been made in improving the schemes’
performance and security.
the main contribution of this thesis is a new hierarchical access control
scheme. this is the first one that provides strict security proof under a
comprehensive security model that covers all possible cryptographic attacks
to a hierarchical access control scheme. the scheme is designed and analyzed
based on the modern cryptography approach, i.e., defining the security
model, constructing the scheme based on cryptography primitives, and proving
the security of the scheme by reducing the cryptography primitives to
the scheme. besides the security property, this scheme also achieves good
performance in consuming small storage space, supporting arbitrary and dynamic
hierarchial structures. in the thesis, we also introduce the background
in cryptography and review the previous schemes.
collections
- retrospective theses [1604]