Access control plays an important role in the area of information security, which guarantees that any access to data is authorized. Hierarchical access control is a special access control model in distributed environment, in which each user protects his local data using a secret key; moreover, for any two related users ui and uj, ui can access uj's data if, and only if, ui's priority is higher than uj. Therefore, there should be a way for ui to obtain the secret key of uj if ui's priority is higher than uj. This paper presents an efficient solution to the problem. A special kind of function called secure filter is used as the building block of the proposed solution. In the solution, an authorized user can acquire correct keys efficiently and securely via secure filters. The proposed solution is also well-performed while inserting/deleting users, injecting/removing relations, and changing secret keys. Especially, only deleting users and removing relations will change some keys in the system, other operations can be performed freely without affecting other keys in the system; only secure filters need to be modified in these cases.

In 1996, Chiu and Hsu proposed a multi-role-based access control (MRBAC) policy. Nevertheless, the Chiu-Hsu scheme can be further enforced by role list, union, and intersection (i. e. containment) to deal with the problems regarding the MRBAC and the object role with different security ranks. The author presents an improvement of the Chiu-Hsu scheme using more detailed list structure. This improvement offers some significant advantages.

This letter presents a cryptographic key assignment scheme for dynamic access control in a hierarchy. A scheme for extending a previous cryptographic key assignment scheme to reduce the computation required for key generation and derivation algorithms is also proposed.

A novel cryptographic key assignment scheme for dynamic access control in a user hierarchy is presented. Based on Rabin's public key system and Chinese remainder theorem, each security class SCi is assigned a secret key Ki and some public parameters. In our scheme, a secret key is generated in a bottom-up manner so as to reduce the computation time for key generation and the storage size for public parameters. We also show that our proposed scheme is not only secure but also efficient.