Computing Reviews
Practical and efficient cryptographic enforcement of interval-based access control policies
Crampton J. ACM Transactions on Information and System Security 14(1): 1-30, 2011. Type: Article
Date Reviewed: Dec 12 2011

Cryptography-based hierarchical access control has received considerable attention, particularly in recent years. Since its conception, various enforcement schemes have been proposed that address the performance issues and various access control policies from different perspectives, such as the temporal domain or the geospatial domain. In this paper, Crampton presents a systematic, formalized, and unified treatment of the performance and efficient cryptographic enforcement of both temporal and geospatial access control policies under a generalized framework: interval-based access control.

The paper provides the following main contributions to the field. First, it generalizes the enforcement of temporal access control and geospatial access control by unifying the two problems with the enforcement of a uniform interval-based access control. Second, it formally proves tight and exact bounds on the complexity of interval-based access control schemes using cryptography in terms of concrete, number-based, explicit, and accurate results rather than just asymptotic bounds. Third, it provides practical, simple, concrete constructions for such efficient interval-based schemes.

Besides the introduction and conclusion, the paper consists of four parts. Part 1 introduces relevant background material; defines the meaning of an interval-based access control policy; and describes the problem of cryptography-based enforcement for interval-based access control policies using key assignment schemes. Part 2 discusses temporal access control policies. A general result is formally stated and mathematically proved, and some special cases of the general result are explored. The relevant work related to temporal access control policies using cryptography is also included and discussed in this part.

In part 3, the author considers the enforcement of geospatial access control policies using cryptography, following the structure of part 2: a formal proof of a general result, consideration of some special cases, user possession of more than one key, and the related work. In part 4, the author generalizes temporal and geospatial access control to interval-based access control. Formally, interval-based access control policies are defined on a hyper-interval space of dimension k, and an element is a k-dimensional hyperrectangle in the hyper-interval space. Protected objects are associated with a “trivial” hyperrectangle [x1,x1] × [x2,x2] × ... × [xk,xk], and users are associated with a hyperrectangle [x1,y1] × [x2,y2] × ... × [xk,yk]. A user with hyperrectangle [x1,y1] × [x2,y2] × ... × [xk,yk] is authorized for an object with [z1,z1] × [z2,z2] × ... × [zk,zk] if and only if zi belongs to [xi,yi] for all i. In the rest of this part, the author formally proves various properties and general results about this interval-based access control model. Specifically, temporal access control is the special case of interval-based access control with k=1, and geospatial access control is the special case with k=2.
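The policy and its cryptographic enforcement can be made concrete for the temporal case (k=1). The following is an added example, not code from the paper or from this review: it uses a generic textbook iterative key-derivation scheme over the interval poset, not Crampton's optimized constructions (which the review does not detail), and all names (prf, IntervalKeys, derive) and the master secret are hypothetical.

```python
import hashlib
import hmac

def prf(key: bytes, label: str) -> bytes:
    return hmac.new(key, label.encode(), hashlib.sha256).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(p ^ q for p, q in zip(a, b))

def authorized(user, obj) -> bool:
    """Policy check: user is ((x1,y1),...,(xk,yk)), obj is (z1,...,zk)."""
    return len(user) == len(obj) and all(x <= z <= y for (x, y), z in zip(user, obj))

def label(iv) -> str:
    return f"{iv[0]},{iv[1]}"

class IntervalKeys:
    """Key authority for k=1 over points 1..n (assumed design, not the paper's)."""

    def __init__(self, master: bytes, n: int):
        self._master = master
        self.public = {}  # edge (parent, child) -> published value
        for x in range(1, n + 1):
            for y in range(x + 1, n + 1):
                # Each non-trivial interval covers the two intervals one point shorter.
                for child in ((x + 1, y), (x, y - 1)):
                    pad = prf(self.key((x, y)), "edge:" + label(child))
                    self.public[((x, y), child)] = xor(self.key(child), pad)

    def key(self, iv) -> bytes:
        """Secret key of interval iv; only the authority can compute this."""
        return prf(self._master, "node:" + label(iv))

def derive(public, iv, key: bytes, z: int) -> bytes:
    """Walk public edges from the user's interval iv down to the point [z,z]."""
    x, y = iv
    if not x <= z <= y:
        raise PermissionError(f"{z} is outside [{x},{y}]")
    while (x, y) != (z, z):
        child = (x + 1, y) if x < z else (x, y - 1)
        pad = prf(key, "edge:" + label(child))
        key = xor(public[((x, y), child)], pad)  # unmask the child's key
        x, y = child
    return key
```

In this baseline a user holding one key for [x,y] needs up to y-x derivation steps and the authority publishes n(n-1) edge values; these storage and derivation costs are the quantities for which the paper proves exact bounds.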

One prominent feature of this paper is its formal treatment of the problem and its solution: the formal definition of the interval-based access control problem and rigorous proof of the properties and complexities of enforcement schemes for interval-based access control policies using cryptographic mechanisms in an accurate and mathematical manner. Thus, it subsumes a substantial amount of existing work in the literature.

Reviewer:  Xukai Zou Review #: CR139667 (1205-0499)
Access Controls (D.4.6 ... )
Cryptographic Controls (D.4.6 ... )
Security and Protection (D.4.6)
Security and Protection (K.6.5)