Managing user relationships in hierarchies for information system security

Managing user relationships in hierarchies for information system security

0.00 Avg rating0 Votes
Article ID: iaor20082868
Country: Netherlands
Volume: 43
Issue: 2
Start Page Number: 408
End Page Number: 419
Publication Date: Mar 2007
Journal: Decision Support Systems
Authors: , , ,
Keywords: security
Abstract:

Hierarchies are an important concept in information protection systems. The uses of hierarchies in the security domain of computer information systems include access hierarchies, levels of abstraction in security kernels, multi-level security, and user hierarchies, among others. Using user hierarchies as an example, this paper proposes a new protection mechanism to achieve the key-to-key (KTK) security policy wherein each user in the hierarchy is assigned a key pair and the relationship between any two users can be revealed through an operation on their corresponding keys. In addition to the security provided by the policy, the new mechanism manifests several advantages over the previous methods in the literature. Among its merits are (1) simple and quick operations performed to determine user relationships, (2) less storage requirements, and (3) a high degree of dynamism that allows easy addition and deletion of user keys without affecting most of the existing keys in the user hierarchy. The relevance of the new KTK scheme to organizations and its implications for potential business applications are also discussed.

Reviews

Required fields are marked *. Your email address will not be published.