Hierarchical access control policies are used to restrict access to objects by users based on their respective security labels. There are many key assignment schemes in the literature for implementing such policies using cryptographic mechanisms. Updating keys in such schemes has always been problematic, not least because many objects may be encrypted with the same key. We propose a number of techniques by which this process can be improved, making use of the idea of lazy key updates, which have been studied in the context of cryptographic file systems. We demonstrate in passing that schemes for lazy key updates can be regarded as simple instances of key assignment schemes. Finally, we illustrate the utility of our techniques by applying them to hierarchical file systems and to temporal access control policies.