A Novel Dynamic Role-Based Access Control Scheme in User Hierarchy

Role-based access control is an important mechanism to prevent the unauthorized access in terms of roles. User hierarchy is an efficient structure to express the relations between different roles. The combination between role-based access control and the user hierarchy is required in different context, especially in open internet environment where the published or delegated data are encrypted for privacy. In this paper, we propose a novel role-based access control scheme in user hierarchy, which can implement dynamic access control in open internet environment. Our approach is implemented by using one-way hash function to avoid the leakage of keys from different roles, by using a hashed value as the identifier of a role and by using derivation function to derive keys in the lower hierarchy from the keys in the upper hierarchy. The key generation, identifier computation and key derivation is quite simple, and the parameters remembered by users are fixed.