A Novel Dynamic Role-Based Access Control Scheme in User Hierarchy



Similar documents
A Secure Password-Authenticated Key Agreement Using Smart Cards

A Cryptographic Key Assignment Scheme for Access Control in Poset Ordered Hierarchies with Enhanced Security

Secure Cloud Storage Service with An Efficient DOKS Protocol

BANDWIDTH ALLOCATION AND PRICING PROBLEM FOR A DUOPOLY MARKET

A Cryptographic Key Binding Method Based on Fingerprint Features and the Threshold Scheme

An Electricity Trade Model for Microgrid Communities in Smart Grid

How Much to Bet on Video Poker

Yixin Jiang and Chuang Lin. Minghui Shi and Xuemin Sherman Shen*

Two-Phase Traceback of DDoS Attacks with Overlay Network

Proactive Secret Sharing Or: How to Cope With Perpetual Leakage

Research Article Load Balancing for Future Internet: An Approach Based on Game Theory

Revenue Maximization Using Adaptive Resource Provisioning in Cloud Computing Environments

To manage leave, meeting institutional requirements and treating individual staff members fairly and consistently.

An Enhanced K-Anonymity Model against Homogeneity Attack

Basic Queueing Theory M/M/* Queues. Introduction

Inventory Control in a Multi-Supplier System

An Analytical Model of Web Server Load Distribution by Applying a Minimum Entropy Strategy

A hybrid global optimization algorithm based on parallel chaos optimization and outlook algorithm

PKIS: practical keyword index search on cloud datacenter

An Interest-Oriented Network Evolution Mechanism for Online Communities

Stochastic Models of Load Balancing and Scheduling in Cloud Computing Clusters

A Novel Methodology of Working Capital Management for Large. Public Constructions by Using Fuzzy S-curve Regression

Traffic Demand Forecasting for EGCS with Grey Theory Based Multi- Model Method

Stochastic Models of Load Balancing and Scheduling in Cloud Computing Clusters

Stochastic Models of Load Balancing and Scheduling in Cloud Computing Clusters

Module 2 LOSSLESS IMAGE COMPRESSION SYSTEMS. Version 2 ECE IIT, Kharagpur

II. THE QUALITY AND REGULATION OF THE DISTRIBUTION COMPANIES I. INTRODUCTION

Watermark-based Provable Data Possession for Multimedia File in Cloud Storage

Scalable and Secure Architecture for Digital Content Distribution

CONSTRUCTION OF A COLLABORATIVE VALUE CHAIN IN CLOUD COMPUTING ENVIRONMENT

International Journal of Industrial Engineering Computations

Virtual machine resource allocation algorithm in cloud environment

A new anonymity-based protocol preserving privacy based cloud environment

Cross-Domain Authorization Management Model for Multi- Levels Hybrid Cloud Computing

A Fuzzy Optimization Framework for COTS Products Selection of Modular Software Systems

Fault tolerance in cloud technologies presented as a service

Institute of Informatics, Faculty of Business and Management, Brno University of Technology,Czech Republic

Web Service-based Business Process Automation Using Matching Algorithms

Luby s Alg. for Maximal Independent Sets using Pairwise Independence

ANALYZING THE RELATIONSHIPS BETWEEN QUALITY, TIME, AND COST IN PROJECT MANAGEMENT DECISION MAKING

Least Squares Fitting of Data

Ganesh Subramaniam. American Solutions Inc., 100 Commerce Dr Suite # 103, Newark, DE 19713, USA

Intra-year Cash Flow Patterns: A Simple Solution for an Unnecessary Appraisal Error

A Programming Model for the Cloud Platform

Support Vector Machines

AN EFFICIENT GROUP AUTHENTICATION FOR GROUP COMMUNICATIONS

Research on Transformation Engineering BOM into Manufacturing BOM Based on BOP

R-HASH: HASH FUNCTION USING RANDOM QUADRATIC POLYNOMIALS OVER GF(2)

"Research Note" APPLICATION OF CHARGE SIMULATION METHOD TO ELECTRIC FIELD CALCULATION IN THE POWER CABLES *

Study on Model of Risks Assessment of Standard Operation in Rural Power Network

Capacity Planning for Virtualized Servers

Maximizing profit using recommender systems

8.5 UNITARY AND HERMITIAN MATRICES. The conjugate transpose of a complex matrix A, denoted by A*, is given by

Survey on Virtual Machine Placement Techniques in Cloud Computing Environment

Recurrence. 1 Definitions and main statements

Can Auto Liability Insurance Purchases Signal Risk Attitude?

MyINS: A CBR e-commerce Application for Insurance Policies

Single and multiple stage classifiers implementing logistic discrimination

A Statistical Model for Detecting Abnormality in Static-Priority Scheduling Networks with Differentiated Services

A Performance Analysis of View Maintenance Techniques for Data Warehouses

A role based access in a hierarchical sensor network architecture to provide multilevel security

The Development of Web Log Mining Based on Improve-K-Means Clustering Analysis

Tourism Demand Forecasting by Improved SVR Model

Naglaa Raga Said Assistant Professor of Operations. Egypt.

A P2P Approach for Business Process Modeling and Reuse

VRT012 User s guide V0.1. Address: Žirmūnų g. 27, Vilnius LT-09105, Phone: (370-5) , Fax: (370-5) , info@teltonika.

Research Article Enhanced Two-Step Method via Relaxed Order of α-satisfactory Degrees for Fuzzy Multiobjective Optimization

BERNSTEIN POLYNOMIALS

A Multi Due Date Batch Scheduling Model. on Dynamic Flow Shop to Minimize. Total Production Cost

International Journal of Information Management

Group Solvency Optimization Model for Insurance Companies Using Copula Functions

How To Understand The Results Of The German Meris Cloud And Water Vapour Product

Section 5.3 Annuities, Future Value, and Sinking Funds

Scan Detection in High-Speed Networks Based on Optimal Dynamic Bit Sharing

Response Coordination of Distributed Generation and Tap Changers for Voltage Support

Forecasting the Direction and Strength of Stock Market Movement

How Sets of Coherent Probabilities May Serve as Models for Degrees of Incoherence

Fuzzy Keyword Search over Encrypted Data in Cloud Computing

Compact CCA2-secure Hierarchical Identity-Based Broadcast Encryption for Fuzzy-entity Data Sharing

LAW ENFORCEMENT TRAINING TOOLS. Training tools for law enforcement officials and the judiciary

1. Fundamentals of probability theory 2. Emergence of communication traffic 3. Stochastic & Markovian Processes (SP & MP)

Problem Set 3. a) We are asked how people will react, if the interest rate i on bonds is negative.

IT09 - Identity Management Policy

Activity Scheduling for Cost-Time Investment Optimization in Project Management

A Similar Duplicate Data Detection Method Based on Fuzzy Clustering for Topology Formation

Answer: A). There is a flatter IS curve in the high MPC economy. Original LM LM after increase in M. IS curve for low MPC economy

The Load Balancing of Database Allocation in the Cloud

Software project management with GAs

DEFINING %COMPLETE IN MICROSOFT PROJECT

Laddered Multilevel DC/AC Inverters used in Solar Panel Energy Systems

A Dynamic Energy-Efficiency Mechanism for Data Center Networks

8 Algorithm for Binary Searching in Trees

A Novel Problem-solving Metric for Future Internet Routing Based on Virtualization and Cloud-computing

PSYCHOLOGICAL RESEARCH (PYC 304-C) Lecture 12

On the Optimal Control of a Cascade of Hydro-Electric Power Stations

An Error Detecting and Tagging Framework for Reducing Data Entry Errors in Electronic Medical Records (EMR) System

A Dynamic Load Balancing for Massive Multiplayer Online Game Server

Ring structure of splines on triangulations

Pricing Model of Cloud Computing Service with Partial Multihoming

Extending Probabilistic Dynamic Epistemic Logic

Transcription:

Journal of Coputatonal Inforaton Systes 6:7(200) 2423-2430 Avalable at http://www.jofcs.co A Novel Dynac Role-Based Access Control Schee n User Herarchy Xuxa TIAN, Zhongqn BI, Janpng XU, Dang LIU School of Coputer and Inforaton Engneerng, Shangha Unversty of Electrc Power Shangha 200090, Chna Abstract Role-based access control s an portant echans to prevent the unauthorzed access n ters of roles. User herarchy s an effcent structure to express the relatons between dfferent roles. The cobnaton between role-based access control and the user herarchy s requred n dfferent context, especally n open nternet envronent where the publshed or delegated data are encrypted for prvacy. In ths paper, we propose a novel role-based access control schee n user herarchy, whch can pleent dynac access control n open nternet envronent. Our approach s pleented by usng one-way hash functon to avod the leakage of keys fro dfferent roles, by usng a hashed value as the dentfer of a role and by usng dervaton functon to derve keys n the lower herarchy fro the keys n the upper herarchy. The key generaton, dentfer coputaton and key dervaton s qute sple, and the paraeters reebered by users are fxed. Keywords: Role-based Access Control; Dynac Access Control; User Herarchy. Introducton In recent years, ore and ore nforaton ncludng senstve data s publshed through nternet. However, the leakage of senstve data, such as edcal records or stocks data, ake the data publcaton developng slowly. In order to protect the senstve data fro unauthorzed or alcous access, ost of proposed papers are focused on adoptng encrypton to guarantee the prvacy of senstve data. Under the encrypton technque, only the user who has the correct decrypton key can decrypt the encrypted data and gets the real senstve data. However, encrypton of data brngs about two probles, one s that the encrypton for all senstve data by usng only one encrypton key akes all data n danger, the other s that the encrypton for each senstve data by usng dfferent encrypton keys akes the key anageent and dstrbuton dffcult. Therefore t s ore attractve and portant to cobne the encrypton wth access control n herarchy to pleent the effcent access control as well as the protecton of senstve data. In ths paper, we concentrate on desgnng a novel access control schee, whch can copute the keys for all users n ters of the dfferent relatons aong users n the herarchy. Related work. Access control n database s an portant echans to guarantee the securty and data prvacy, and there are any access control odels appled to dfferent data anageent systes. Bertno et al[2] states the current challenge of database securty and evoluton of the access control odel n dfferent data anageent syste, and dscussed access controls n obect-orented database systes n []. But n the data publcaton[6] and database outsourcng odel[4], tradtonal access control technology Correspondng author. Eal addresses: tanxuxa_76@sna.co.cn (Xuxa TIAN) 553-905/ Copyrght 200 Bnary Inforaton Press July, 200

2424 X. Tan et al. /Journal of Coputatonal Inforaton Systes 6:7(200) 2423-2430 whch operates on the clent-server archtecture n ters of the assupton that the trusted server s responsble for the desgnng and enforcng of the access control polcy, s challenged, because the data publsher or the database servce provder ay be untrusted for the publshed or delegated data contents. In data publcaton, Mklau et al[6] frst proposed a fraework to enforce access control polces on publshed XML docuents by usng cryptography, n whch the data owner enforce access control polcy by dstrbutng keys to users who are granted to access the correspondng data. In outsourced database, Saarat[3], Vercat [4], Tan[5] et al proposed to cobne the encrypton and access control to realze the effcent access control n ters of the keys dstrbuton. Especally Tan[5] ntroduced a DSP re-encrypton echans to pleent the selectve access control of the encrypted data as well as releve the clent fro the coplex key dervaton procedure. A nuber of works [7][8][9][0][][2][3] relatng to access control n a herarchy have been proposed. In alost all these works, there s a relatonshp between the key assgned to a node and those assgned to ts chldren. The dfference between the related works les ostly n the dfferent cryptographc technques eployed for key generaton. Yang et al[7] addressed an access control schee based on one-way hash functon, but Hsu et al[8] ponted out the securty leakage n Hsu s schee and proposed a new robust dynac access control schee. However, Hsu et al[8] schee ntroduced each user s dentty nforaton nto the hash functon to avod the key leakage. In ths paper, we concentrate on desgnng a schee to solve how to copute the prvate keys for users n ters of the dfferent relatons aong users n the herarchy. In our approach, the users n the herarchy are grouped nto dfferent roles n ters of ther access rghts, that s, the users who have the sae access rghts are assgned nto the sae role. 2. Prelnares 2.. Hash Functon We use H denotng as a hash functon, whch s the functon by nputtng an nforaton of arbtrary length and outputtng a dgest of fxed length. Assue H s an one-way, collson-resstant hash functon, whch eets wth the followng two propertes: ) Coputng H () s easy under the condton of known nforaton, but the reverse s ntractable. 2) If ', then H ( ) H ( ' ). Fg. Hash Functon Workng Prncple Fg. s the workng flow and propertes for hash functon H. Fro Fg. we know that H () s not equal to H (') as long as s not equal to ', that s to say that any bt of changng n nforaton wll result n dfferent hash result H (). The hash functon s the portant securty and effcency

X. Tan et al. /Journal of Coputatonal Inforaton Systes 6:7(200) 2423-2430 2425 guarantee for the schee proposed by us. 2.2. Partally Ordered Set (POSET) Due to the practcal organzaton relaton n copany, the access control s always fored as a user herarchy, n whch users are grouped nto dfferent roles, and each role s assgned a dfferent securty clearance, such as, 2,..., n n Fg.2, n s the nuber of roles. If usng < expresses a bnary partally ordered relaton, then < denotes that has hgher securty clearance than, n other words, the users n have the rghts to access data belongng to users n, but the reverse doesn t succeed. For clearness we gve the foral defnton of POSET n the followng. Suppose that an organzaton structure can be represented as a partally ordered set (, < ), s a set of levels n herarchy, and < s the donance relaton between the levels. For splcty, we also use representng the role n that level. In the followng and are two levels respectvely n the herarchy. ) If <, then we say that strctly donates, and s strctly donated by. 2) If < and >, then we say that the two levels are equal and denote ths as =. 3) If ether < or =, then we say that donates, and s donated by and denotes ths as. 4) If nether nor, then we say that the two levels are ncoparable. 5) If < and no z akes < z < succeed, then we say that s a parent of. If < only, then we say that s an ancestor of and s a descendant of. So the organzaton structure n Fg.2 s a POSET, and then satsfes the propertes of POSET. 3. Revew Hash Based Schee 3.. Yang[7] s Schee In Yang[7] s schee, A trusted certfcaton authorty(ca) frst deternes a set of one-way hash functons S H = { H, H 2,..., H n}, where n s the axu degree of the herarchy, n another words, the axu drect chld nodes of one parent node n the herarchy. Assung that there are seven securty clearances, 2, 3, 4, 5, 6, 7, and whch are organzed n a herarchy n Fg.2. The degree s 3 for the herarchy n Fg.2. In ther approach, the CA assgns one secret key k for each securty clearance, 7, such as k for securty clearance, k 2 for securty clearance 2. The dervaton rule s dvded nto the followng three stuatons: ) For the root node. The secret key for the root node s assgned arbtrarly by CA and can t be derved by anyone, such as k for. 2) For the node whch has unque drect parent node. Suppose node s the unque drect parent node of node,, and s the th chld node of, denoted as C,, the chld

2426 X. Tan et al. /Journal of Coputatonal Inforaton Systes 6:7(200) 2423-2430 are nubered fro the left to the rght. The secret key of can be derved fro k = H ( k ). For C, exaple 3 s the 2 th chld node of, denoted as C,2, and the secret key k 3 can be derved fro equaton k = H ( k ). 3 C,2 3) For the node whch has ore than one drect parent node. Suppose has drect parent nodes,,...,, where 2,, and s the th chld node of, C denoted as,. Assue the secret keys of k, k,..., k respectvely, the 2,,..., are,,2, parent H ( k ), t ust share the other paraeters Ct, t C s the order of t th parent node, t, and t, to derve the secret key of through the equaton: k = H ( H ( k ), H ( k ),..., H ( k )), C, denotes that s the C, C,, C, 2,2 C,, th chld node of. Fg. 2 Key Dervaton n the Herarchy Fg. 3 After Addng a New Node new For exaple, takng Fg.2 as an exaple, explans how to assgn and derve keys for each node n the herarchy through the followng stuatons: ) The secret key of the root node s k. 2) Node 2 can derve the secret key of node 5 by coputng H 2 ( k 2 ), therefore k 5 = H 2 ( k 2 ), and accordng to the sae rule, coputng k 2 = H ( k ), k 3 = H 2 ( k ) et al. Node 6 has two drect parent nodes, so node 2 and node 3 both can derve the secret key of 6 by coputng k 6 = H 3 ( H 3 ( k2 ), H( k3 )) under the condton that nodes 2 and 3 sharng the values of H ) and H ) each other. 3 ( k 2 ( k 3 3.2. The Attacks n Yang[7] s Schee and ts Iproveent Paper[8] ponts out that n schee[7] soeone ay overstep hs authorty to access the unauthorzed nforaton n two cases, one s addng a new node, and the other s addng a new node after deletng an old

X. Tan et al. /Journal of Coputatonal Inforaton Systes 6:7(200) 2423-2430 2427 one. Fg.3 s the graph after addng a new node n the poston of frst chld n Fg.2. Now the secret key of node 6 s coputed fro H ( k 3 ) and H 4 ( k 2 ) n ters of the coputaton rule, k 6 = H 3 ( H 4 ( k 2 ), H( k3 )), but before ths node 3 has already known the share value H 3 ( k 2 ), whch s now the secret key of node 5. Therefore the securty of node 5 wll be endangered, and the nforaton encrypted by usng secret key H 3 ( k 2 ) for node 5 wll be leaked. Fg.4 s another case, denotng that a new node s nserted n the poston where the old node has ust been deleted. Before the deletng operaton, node 3 knows the secret key H 3 ( k 2 ) of node 6, however, after the deletng operatng of node 5, node 3 wll know the secret key H 2 ( k 2 ) of node 6. Contnung the process, when addng a new node the secret key H 2 ( k 2 ) of the new node new new to the poston where node 5 s deleted, s already known by node 3, so the prvacy of new node new s endangered and the nforaton encrypted by the secret key H 2 ( k 2 ) s dsclosed. Hsu[8] proved the securty of schee proposed by Yang[7] through addng the dentty nforaton nto the process of secret key coputaton, such as k 2 can be coputed by usng the equaton k 2 = H( ID, k, ) 2 ID, where ID, ID 2 are the dentfer for node 2, respectvely. Fg. 4 Addng a New Node new after Deletng an Old Node 5 4. Proposed Schee n User Herarchy 4.. The Identfer Defnton for a Role We assgn an dentfer for each role n the syste, and the dentfer can be coputed and publshed by each role wthout dsclosng any prvacy of user. r d = H ( userd userd 2... userdn ) th Where and s the nuber of roles n the syste, n s the nuber of users n the role. So each te deletng or nsertng a user fro soe role, the dentfer of the role wll be changed at the sae te, Fg.5 llustrates the herarchy of roles n the syste and the correspondng publcaton table for dentfers of roles. For exaple, the herarchy n Fg.5 s an acadec organzaton n soe college n one unversty. The college s anaged by a Dean. Under the dean are the dfferent departents chars, such as coputer scence(cs) char, councaton engneerng(ce) char. The students, who are n the lowest level, are advsed by one or ore tutors n the correspondng teacher groups. In ters of the practcal applcaton, we need to antan the senstve score or transcrpt nforaton of each student. The followng access control requreents need to be satsfed. ) Each student can read hs/her score or transcrpt.

2428 X. Tan et al. /Journal of Coputatonal Inforaton Systes 6:7(200) 2423-2430 2) The teacher who teaches the student can read the score or transcrpt of the student. 3) The char of the departent n whch a student s aorng can read the student s score or transcrpt nforaton. 4) The dean can read all students transcrpts. Fg. 5 A Herarchy and ts Correspondng Publshed Identfers for Roles Suppose the Stu s a role whch s coposed of fve students, so the role dentfer for role Stu s n the followng. Stu d = H ( stud stud 2 stud 3 stud 4 stud 5 ) Assue the CS group conssts of three teachers, so the role dentfer for role CS group s as follows. CSgroup d = H ( teacherd teacherd 2 teacherd 3 ) The dentfers for other roles can be derved n ters of the nuber of persons n the roles, and the coputaton process s slar as above. So the deletng or nsertng users fro correspondng roles wll pact the dentfer of the role, and n turn effect the key dervaton fro the upper level to lower level. 4.2. The Proposed Schee Our schee requres satsfyng the followng three stuatons, that s, the key assgnent n the herarchy eet wth the followng three stuatons: ) For the unque parent node. Its secret key k root s assgned arbtrarly by the CA, such as k root = k for the node of role Dean. 2) For the nodes whch only have one drect parent node. If only has one drect parent node, then the secret key for s k = k = H k, ), k s the secret key for ( d, s the dentfer d for role, d can be searched n the publcaton of CA n table n Fg.6. For exaple, CS char can derve the secret key for CS group as follows. k = H ( k, CSgroup ), where CSgroup CSchar d CSgroup d = H ( teacherd teacherd 2... teacherd ), s the nuber of teachers n the CS group. 3) For the node whch has ore than one drect parent node. Suppose has drect parent nodes 2,,...,, where,, and s the th chld node of, denoted as C,. Assue the secret keys of 2,,..., are k, k,2,..., k,, respectvely, the parent ust

X. Tan et al. /Journal of Coputatonal Inforaton Systes 6:7(200) 2423-2430 2429 share the other paraeters H ( k, t, d ), d s the dentfer for role, t, and t, to derve the secret key of through the equaton: k = H ( H ( k,, d ), H ( k,2, d ),..., H ( k,, d )). For exaple, the secret key for role Stu2 n Fg.6 can be coputed as follows: k Stu2 = H ( H ( kcsgroup2, Stu2d ), H ( kcegroup, Stu2d )), where Stu 2d = H ( stud stud 2... stud ), s the nuber of students n role Stu2. 5. Dynac Access Control n the Herarchy 5.. Addng a User When addng a new user, there are two dfferent stuatons, the frst s that the new user doesn t belong to any role exst, so t s necessary to create a new role for the user. The second s that the new user belongs to a role exst, so the dentfer of the role exst need to be updated. In the frst stuaton If the new node wll be the new root node, the CA needs to assgn an arbtrary key for the new role, and all keys drect or ndrect wll be coputed agan. For exaple, nsertng a new node nto the root node n Fg.2, the orgnal node becoes the drect chld of new node knew arbtrarly for node new our proposed schee n secton 4.2. new new. The CA assgns a key, and all the other keys wll be regenerated n ters of the three stuatons n If a new node new s nserted nto a branch between and 3 n Fg.2, the drect parent only needs to derve the secret key k = H ( k, ) for the new nserted node new, where new newd newd s the dentfer of the new node, newd = H ( newuserd ). At the sae te the secret keys of drect or the ndrect chld of the new node new are updated, such as the keys for the nodes 3, 6, 7. The dentfers for all roles exst don t need to be updated because of no user nsertng. In the second stuaton If a new user s nserted nto a role exst, then we need to update the dentfer of the role, and at the sae te update the key for the role, such as nsertng a new user nto role 2 n Fg.2, then the dentfer of role 2 becoes H ( 2d d 2... 2d 2dnew ), 2 dnew s the d of new user. At the sae te the secret keys of drect or the ndrect chld of the role 2 are updated, such as the keys for the nodes 4, 5, 6. Insertng a new user nto the role 6 s the sae as above, but now only the dentfer and secret key of 6 s updated, the others are keep the sae because the node 6 s a leaf node. 5.2. Deletng a User When deletng a user, there are two dfferent stuatons, the frst s to delete a role(a node n the herarchy). The second s to delete a user fro soe role. In the frst stuaton When the deletng node s the root node, then the keys of ts drect or ndrect node should be updated. For exaple, the deletng of node fro Fg.2 results n the CA assgnng keys for nodes 2 and 3 arbtrarly, and then regeneratng the keys for the nodes below the, such as 4, 5, 6, 7. If a node 5 s deleted fro Fg.2, all other keys needn t to be updated because 5 s a leaf node. The dentfers for all roles exst don t need to be updated because of no user deletng.

2430 X. Tan et al. /Journal of Coputatonal Inforaton Systes 6:7(200) 2423-2430 In the second stuaton When deletng a user n soe role exst, then we need to update the dentfer of the role, and at the sae te update the key for the role, such as deletng a user fro role 3 n Fg.2, then the dentfer of role 3 becoes 3d = H ( 3d 3d 2... 3d ( ) ), s the nuber of users n role 3 after deletng. The key for 3 becoes k = H ( k, 3 ) 3 d, and all keys for drect or ndrect node under node 3 are updated n ters of the schee proposed by us. 6. Conclusons and Future Work In ths paper a dynac access control schee n user herarchy based on hash functon s proposed. A dervaton functon s proposed and used to derve keys for dfferent users n the herarchy. Our approach not only provdes the dynac nsertng and deletng support for users, but also s applcable to general case. Securty analyss shows that our schee s securty aganst the key leakage when users change ther roles or leave the roles. In the future, we respect to fnd ore flexble approaches on provng effcency to both the space and the coputaton, especally reduce the share nforaton. Acknowledgeent The authors are grateful for the anonyous revewers who ade constructve coents. Ths work was supported by Research Fund for Excellent Youth Scholars of Shangha Hgher Educaton(No. Z-2006-52). References [] E. Bertno, S. Jaoda, and P. Saarat. Access Controls n Obect-Orented Database Systes: Soe Appproaches and Issues. In Advanced Database Concepts and Research Issues, 993, LNCS 759. [2] E. Bertno and R. Sandhu. Database securty-concepts, approaches and challenges. IEEE Transactons on Dependable and Secure Coputng, 2005,2():2-8. [3] P. Saarat. A data outsourcng archtecture cobnng cryptography and access control. Proc. of the st Coputer Securty Archtecture Workshop, Farfax, VA, 2007, pp. 63-69. [4] S. De Captan d Vercat, S. Forest, S. Jaoda, S. Parabosch, and P. Saarat. Over-encrypton: anageent of access control evoluton on outsourced data. In Proc. of the 33rd VLDB Conference, Venna, Austra, 2007, pp. 23-34. [5] X. Tan, X. Wang, and A. Zhou. DSP RE-Encrypton: A Flexble Mechans for Access Control Enforceent Manageent n DaaS. 2009 IEEE Internatonal Conference on Cloud Coputng, 2009, pp. 25-32. [6] G. Mklau and D. Sucu. Controllng access to publshed data usng cryptography. In Proc. of the 29th VLDB Conference, Berln, Gerany, 2003,pp. 898-909. [7] C. Yang and C. L. Access control n a herarchy usng one-way hash functons. Coputers and Securty, 2004, 23( 8) :659-664. [8] C.L. Hsu, P.L. Tas, and Y.C Chou. Robust dynac access control schee n a user herarchy based on one-way hash functon.2009, http://dspace.lb.fcu.edu.tw/btstrea/2377/23//ce07cs002008000068.pdf. [9] S. G. Akl and P. D. Taylor. Cryptographc Soluton to a Multlevel Securty Proble. Advances n Cryptology: Proceedngs of CRYPTO, Plenu Press, NY, 982, pp. 237 249. [0] S. G. Akl and P. D. Taylor. Cryptographc Soluton to a Proble of Access Control n a Herarchy. ACM Transactons on Coputer Systes, 983,(3):239 248. [] F. H. Kuo, V. R. L. Shen, T. S. Chen, and F. La. Cryptographc key assgnent schee for dynac access control n a user herarchy. Proceedngs of Coputers and Dgtal Technques, 999, 46(5): 235-240. [2] T. C. Wu and C. C. Chang. Cryptographc key assgnent schee for herarchcal access control. Coputer Systes Scence and Engneerng, 200, 6():25-28. [3] J. Crapton, K. Martn, and P. Wld. On key assgnent for herarchcal access control. In Proc. Of the 9th IEEE CSFW, Vence, Italy, 2006,pp.98-.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information