Access control scheme for partially ordered set hierarchy with provable security

Abstract

In many multi-user information systems, the users are organized as a hierarchy. Each user is a subordinate, superior and/or coordinate of some others. In such systems, a user has access to the information if and only if the information belongs to the user or his/her subordinates. Hierarchical access control schemes are designed to enforce such access policy. In the past years, hierarchical access control schemes based on cryptography are intensively researched. Much progress has been made in improving the schemes’ performance and security. The main contribution of this thesis is a new hierarchical access control scheme. This is the first one that provides strict security proof under a comprehensive security model that covers all possible cryptographic attacks to a hierarchical access control scheme. The scheme is designed and analyzed based on the modern cryptography approach, i.e., defining the security model, constructing the scheme based on cryptography primitives, and proving the security of the scheme by reducing the cryptography primitives to the scheme. Besides the security property, this scheme also achieves good performance in consuming small storage space, supporting arbitrary and dynamic hierarchial structures. In the thesis, we also introduce the background in cryptography and review the previous schemes.