Managing user relationships in hierarchies for information system security

摘要

Hierarchies are an important concept in information protection systems. The uses of hierarchies in the security domain of computer information systems include access hierarchies, levels of abstraction in security kernels, multi-level security, and user hierarchies, among others. Using user hierarchies as an example, this paper proposes a new protection mechanism to achieve the key-to-key (KTK) security policy wherein each user in the hierarchy is assigned a key pair and the relationship between any two users can be revealed through an operation on their corresponding keys. In addition to the security provided by the policy, the new mechanism manifests several advantages over the previous methods in the literature. Among its merits are (1) simple and quick operations performed to determine user relationships, (2) less storage requirements, and (3) a high degree of dynamism that allows easy addition and deletion of user keys without affecting most of the existing keys in the user hierarchy. The relevance of the new KTK scheme to organizations and its implications for potential business applications are also discussed.