Article ID: 459679
Journal: Journal of Network and Computer Applications
Published Year: 2007
Pages: 17 Pages
File Type: PDF
Abstract

As distributed computing systems grow in size, complexity and variety of applications, the protection of sensitive data against unauthorized disclosure and tampering becomes increasingly important. In this paper, a cryptographic Role-Based kEy Management (RBEM) scheme is developed for access control in distributed systems. This paper presents the features of the RBEM, which include simple rules for key generation, key management for dynamic hierarchies, algorithms for key generation and modification, and procedures for object assignment. The RBEM is extended from its prime design for one local domain to a design for multiple local domains. The RBEM is decentralized such that each local domain is managed by its local domain security administrator, and modifications in any local domain do not affect the keys of roles or objects in other local domains. This paper presents a platform for the comprehensive assessment of the RBEM for role-based access control. Compared with typical key-management methods, the RBEM updates far fewer keys for the roles and objects when new roles are added to the role hierarchy. This paper presents three typical case studies illustrating the efficiency of the RBEM.

Related Topics
Physical Sciences and Engineering > Computer Science > Computer Networks and Communications