A novel access control method using Morton
number and prime factorization
Henry Ker-Chang Chang
a,*, Jing-Jang Hwang
b,
Hsing-Hua Liu
baDepartment of Information Management, Chang Gung University, Taoyuan, Taiwan, ROC
bInstitute of Information Management, National Chiao Tung University, Hsinchu, Taiwan, ROC Received 3 March 1999; received in revised form 1 March 2000; accepted 15 July 2000
Abstract
A novel scheme used for controlling access requests in security information system is proposed. In the proposed method, the system administrator chooses distinct prime numbers representing each atomic access right as well as four large prime numbers for encryption. By setting these representative prime numbers as input parameters, the proposed method applies a one-way function combining the Morton number theory transferring into a single value to derive the encrypted compound privilege (ECP). With ECP, veri®cation of right of access can be achieved easily and secretly. Meanwhile, the proposed scheme provides the following advantages: (1) the veri®cation of right of access can be eectively implemented using the Morton sequence with coordinate transformation; (2) the problem of dynamic access control also can be eectively im-plemented; (3) integrity and con®dentiality while controlling system resources can be ensured; (4) the proposed method can decrease the redundancy of the access matrix in some speci®c circumstances. Ó 2000 Elsevier Science Inc. All rights reserved.
1. Introduction
The Internet and Intranet established a foundation for the global commu-nity and remote access to resources in networks are very popular today. In
www.elsevier.com/locate/ins
*Corresponding author. Address: P.O. Box 7-12, Chung-Ho, Taipei, Taiwan, ROC; Tel: +886-3-3960947; fax: +886-2-22232876.
E-mail addresses: changher@mail.cgu.edu.tw (H.K.-C. Chang), u8434803@cc.nctu.edu.tw (H.-H. Liu).
0020-0255/00/$ - see front matter Ó 2000 Elsevier Science Inc. All rights reserved. PII: S 0 0 2 0 - 0 2 5 5 ( 0 0 ) 0 0 0 7 3 - 6
open environments, security systems must have ability to authorize of re-quested operations; this is the security problem of access control. More spe-ci®cally, access control is a core function for information system security. The access control model oers a framework for describing the protection mech-anism. The initial model was introduced by Graham and Denning [1]. In this model, the state of an information protection mechanism is de®ned by a triple (S,O,A), where S is the set of subjects which are active entities of the model, O is the set of protected objects and A is an access control matrix, in which each column consists of subjects representing human or programs, and each row consists of objects representing ®les or records. An entry aij for AS; O
de-scribes the right of subject Si to access object Oj. The access right de®nes the
kind of authorized access to the object where r(read), w(write), and e(execute), o(owner), a(append) etc. All these rights are generic and can be combined together for a subject. For example, an object may be applied for right of access in r, w and e separately, or various combinations may be used. A simple access control matrix as shown in Fig. 1 is used to specify rights of subjects to access objects. For example, the subjects S1, and S2 have `read' and `write'
access rights to object O1 while S1 is the owner of object O3.
Based on Graham and Denning's abstraction protection model, Wu and Hwang [2] proposed a single-key-lock (SKL) mechanism in which there is only one key for each subject and one lock for a each object. To derive an access right aij for subject to an object, a function f of a key and lock is used;
mathematically, f Ki; Lj aij.
Several relevant methods have appeared in the literature which are based on SKL work. Chang [3,4] proposed two methods based on the Chinese remainder theorem and Euler's theorem, respectively. Laih et al. [5] used a Newton in-terpolating polynomial to design another method in 1989 while Chang and Jiang [6] presented a binary version of Wu and Hwang's method. Hwang et al. [7] proposed a new SKL scheme using prime factorization. In Hwang's scheme, each subject Si is assigned a distinct prime as the key Ki, and a lock Lj is
produced as LjQmi1 Kiaijfor the object Oj, where aijis the right of subject Si
to access object Oj. Since a lock is the product of some prime powers, it can
easily exceed the limited range of the largest integer allowed in a computer system. Hwang et al. used to decompose each lock value into an X-based representation to solve this problem, where X can be any integer. Chang et al. [8] proposed a scheme based on binary coding and prime factorization. In Chang's method, each access right aij can be represented by a binary form.
Again, each user Uiis assigned a distinct prime as the key Ki. The lock vector Lj
is produced as (Lj b; Lj b ÿ 1; . . . ; Lj 1), where Lj x Qmi1 Kia x
ij . There is a
problem of over¯ow, which is inevitable a xij 's 2 f1g.
In order to evaluate the eectiveness and eciency of an SKL scheme, the following six criteria are considered [7]:
1. the eort involved in initializing keys and locks;
2. the eort involved in computing an access right from a lock and key; 3. the eort involved in revising keys and locks when an access right is
modi-®ed;
4. the eort involved in appending and updating keys and locks when a new user or ®le is added;
5. the eort involved in removing and updating keys and locks when a user or ®le is deleted;
6. the space needed for storing keys and locks.
These criteria are, therefore, generally applied in performance evaluation of and comparison among various schemes. In this paper, we intend to develop a new method based on the Morton sequence and prime factorization to improve schemes derived by Hwang and Shao [7] and Chang and Lou [8]. According to the six criteria, our method has better performance than the works in [7] and [8]. In particular, the proposed method has a compression eect on the matrix in some speci®c circumstances, which decreases redundancy in the access matrix.
The rest of this paper is organized as follows. The Morton sequence is in-troduced ®rst in Section 2; it helps the proposed method work eectively. In
Section 3, we describe the proposed method ®rst, and then algorithms are developed for physical application. In Section 4, the performance of the pro-posed method is analyzed and compared with that of other schemes. Conclu-sions and directions for future research are given in Section 5.
2. Morton sequence
Morton [9] proposed the addressing scheme commonly referred to as Morton sequencing. Morton sequencing is created by interleaving the bits of the binary representations of the x and y coordinates (each represented by a ®xed number of digits) of a speci®c position in the matrix. Fig. 2 using 3-bit binary representation gives a simple example. Each sequence of an element is formed by the y-axis and x-axis, such that the y-axis bit is prior to the x-axis bit. The sequence at (3,2) is 13 since 2 0102 and 3 0112, so the inter-leaving 001101 is 1310. On the other hand, the sequence 55 has the binary form 110111, in which the odd-numbered bits 101 are the y-axis and the even-numbered bits 111 are the x-axis, so the coordinates are (7,5). From Fig. 2, it is clear that the Morton sequence in a square matrix which follows a scanning order like the character `Z'.
3. The proposed new method
This section shows our design for access control in a security environment. The server workstation resides a security manager whose job is to monitor and maintain the access control mechanism. A user from a client node has to de-liver a request to ®nd an opportunity to access the resources in the system. Section 3 comprises three parts. Firstly, the design for the access control mechanism will be developed. Secondly, the veri®cation procedure will be proposed. Finally, the design for dynamic access control will be presented. 3.1. The design for the access control mechanism
3.1.1. Basic mechanism
The following will explain how a one-way function can be designed in which the relationship of the Morton sequence and associated access rights within access matrix are embedded.
Step 1: Creating compound access rights. Consider Amn as an access control
matrix, where m is the number of subjects, n is the number of objects, and the access right aij is the i; jth element of Amn for the subject Sito the object Oj,
which is composed of atomic access rights, such as read, write, execute, append etc. The system manager chooses distinct prime numbers p for each atomic access right. Thus, the scope of a subject's authorized operations, aij, can be
considered as a compound access right, which is derived through multiplication of a series of prime numbers
aij
Y
p: 1
Step 2: Morton sequence transformation. In this step, we assign each aij as a
distinguishable Morton number z. According to the Morton sequence, the sequence can be derived as described in Section 2. In other words, the sequence az has an access value aij, which represents the access right for a subject Si to
objects Oj.
Step 3: One-way function transformation. The security manager chooses four prime numbers, q1; q2; q3; and q4, for key identi®cation. Thus, a one-way
function can be used to transform az and qt to derive encrypted compound
privilege (ECP). It can be represented in the following form: ECPs
Yz3 z4 sÿ1
qaz
t ; where t 1; 2; 3; 4;
s 1; 2; 3; . . . ; n and az represents the access value of aij
at Morton sequence z: 2
Using Eq. (2), we can see that ECP applies four keys to encrypt subject± object speci®c access control information. The purpose of ECP is to prevent
from improper authorization Ti access system resources. Once the system administrator computes all the ECP values from the access matrix, the ad-ministrator can store and maintain the ECP values locally on a server work-station.
For example, consider an access control matrix AS; O with access rights aij
from eight subjects and objects A88as shown in Fig. 3. The contents of Fig. 3
come from the mapping of Fig. 1. First, the system manager chooses distinct prime numbers for each atomic access right, such as read 2, write 3, execute 5, owner 7, and append 11. The compound access rights in the access matrix can be derived as a00 6 2 3, a01 2; a02 7; . . . ;
a26 10 2 5. Second, given each aijin the access matrix as a distinct Morton
number z, such as the Morton sequence a0has value of access right a00; a1has
value a01; a2 has a value a10, etc. Finally, the security manager chooses four
prime numbers, such as q1 2; q2 3; q3 5 and q4 7, as keys of
identi-®cation. Using Eq. (2), the corresponding ECP values can be computed as follows:
Once the system manager computes the ECP values, the matrix can be dis-carded. Only the ECP values are stored and maintained.
ECP1 26 32 56 70 9 000 000 ECP5 26 30 50 75 1 075 648
ECP2 27 30 50 72 6272 ECP6 23 31 53 73 1 029 000
ECP3 23 30 52 72 9800 ECP7 20 35 52 76 714 717 675
ECP4 211 30 50 70 2048 ECP8 210 36 53 72 4 572 288 000
Once the content of the access matrix is determined and computed as ECP values by the security manager, the procedures for verifying access requests is developed. In addition, dynamic access control methods are also provided. 3.2. Veri®cation of access requests
Suppose that the subject Si wants to access the object Oj using the access
request r. He/she issues the request triple Si; Oj; r. Two procedures need to be
performed:
1. Find the Morton sequence z, in which the value aij corresponding to Siand
Ojin the access matrix can be found.
2. Perform Algorithm A (Authorization±Validation procedure) below using a one-way function f qt; ECPs to compute the compound access rights aij,
where theqt and ECP values can be derived from the Morton number az.
If the derived result r is a factor of the ECP, then the access request is ac-cepted. In other words, if the request is granted, then the request r should be a factor for the ECP values.
Algorithm A (Authorization±Validation procedure qt; ECPs).
Input (Si, Oj; r), where
(1). Find az from procedure (1)
(2). Derive ECPs; qt where t z mod 4 1; s z=4 1
Set: var T, Q, R, X: integer; X 1 Step 1: T ECPs;
Step 2: Q T =qt; R T mod qt;
// Set Q be the quotient, and set R to be the remainder.// Step 3: if (Q > 1) and (R 0) then {X X 1; T Q; goto Step 2;} Step 4: output X; //compound access right aij.//
Step 5: if rjX exist, then accept the request r, otherwise reject it.
After the iteration of Step 3 and Step 4, the compound access right of aij is
kept in X. For example, when the subject S0requests a read operation (r 2) on
the object O0, described as Si; Oj; r S0; O0; 2, we derive a Morton sequence
for a00 is 0(z 0). Then, via Algorithm A, the system administrator gets
qt q1 2, and ECP value ECP1 9 000 000. Finally, the output X is
computed as f qt; ECPs 6, in which the request r `2' is a factor of `6';
then, the access request is accepted. 3.3. Dynamic access control
In order for the administrator to be able to maintain the access matrix, dynamic access control, including modi®cation of access rights, insertion of subjects/objects, and deletion of subjects/objects, is required. The following sections describe this control details.
3.3.1. Modi®cation of access rights
Consider the situation in which an access right is changed from aij to a0ij.
Here, only the corresponding ECP values for a0
ijshould be updated; other ECP
values remain to the same ECP0
s ECPs q a 0 ijÿaij
t ; where t zmod 4 1 and s z=4 1:
For example, suppose the compound access right a00 6 (read and write) is
changed to 10 (read and execute). First, we derive a Morton sequence, where a00
is 0; then, the system administrator gets the identi®cation key qt q1 2 and its
corresponding ECP values ECP1 9 000 000, where t 0 mod 4 1
1; s 0=4 1 1. The new ECP value for the modi®ed access right is computed as follows:
ECP0
1 9 000 000 2 10ÿ6 9 000 000 24 144 000 000:
3.3.2. Insertion of subjects/objects
There are two possibilities to consider: the ®rst one is to add a subject to the access matrix; the second one is to add an object. To insert a new subject Sm1
into the access matrix, where the corresponding access rights are a m1;j for
j 1; 2; . . . ; n, the proposed scheme needs to calculate the new ECP values only, without modifying all of the existing ECP values. Due to the character-istic of the Morton sequence within the access matrix, only qtand qt1are used
to insert a new subject.
The algorithm for inserting the new subject is shown below. When a new subject is added, the administrator gets qt and qt1 ®rst and then sets them as
inputs for Algorithm B.
Algorithm B (//Inserting subjects //). Input (a m1;j; qt; qt1)
Output (ECP0 s)
Begin
for j 1 to n //* n is the number of objects in the access matrix*// Find the Morton number z for each input a m1;jand a m1;j1
Derive t z mod 4 1 s z=4 1 ECP0
s qatz qat1z1
j j 2 /* each time, two access rights are computed at the same time */ end.
For example, suppose a new subject S8is added to the system for which the
corresponding access rights are a80 5; a81 2; a82 3; a83 3; a84 5;
a85 7; a86 7; and a87 7 by performing Algorithm B, such that the new
ECP0 33 25 32 288; ECP0 34 23 33 216; ECP0 37 25 37 69 984; ECP0 38 27 37 279 936:
To insert a new object On1 into the access matrix, and the access rights are
ai; n1 for i 1; 2; . . . ; m, and the proposed method needs to calculate the new
ECP values only. The computed Morton sequence z for each added aij is
de-rived as az ®rst, and only qt and qt2 are used to insert a new object. The
al-gorithm for inserting a new object is shown below. When a new object is added, the administrator gets qt and qt2 ®rst, and then sets them as inputs for
Algorithm C.
Algorithm C (//Inserting objects//). Input (ai; n1; qt; qt2)
Output ( ECP0 s)
Begin
for i 1 to m //* m is the number of subjects in the access matrix * // Find the Morton number z for each input ai; n1 and ai1; n1
Derive t z mod 4 1 sz=4 1 ECP0
s qatz qat2z2
i i 2 /* each time, two access rights are computed at the same time */ end.
For example, suppose a new object O8 is added to the system for which the
corresponding access rights are a08 5; a18 2; a28 3; a38 3; a48 5;
a58 7; a68 7, and a78 7 by performing Algorithm C, such that the new
ECP values are computed as follows: ECP0 17 25 52 500; ECP0 19 23 53 1000; ECP0 25 25 57 2 500 000; ECP0 27 27 57 10 000 000:
Fig. 4 gives an example which helps to explain how corresponding ECP values can be calculated when new subjects/objects are inserted into access control matrix.
3.3.3. Deleting subjects/objects
To delete a subject Sr from the access matrix of a system and remove the
method requires that ECP values corresponding to each ar;j be recomputed.
The algorithm for deleting a subject is shown below. When a subject is deleted, the administrator gets qt and qt1 ®rst, and then sets them as inputs for
Algorithm D.
Algorithm D (//Deleting Subjects.//). Input (Sr; Oj; qt; qt1)
Output (ECP0 s)
for j 1 to n // n is the number of objects in the access matrix // Find the Morton number z for each input arj with Sr; Oj
Derive t z mod 4 1 s z=4 1 Step 1: T ECPs; W qt
Step 2: Q T =W ; R T mod W
Step 3: if (R 0) then fT Q; Goto Step 2; g else {T Q; W qt1; Goto Step 2;}
until {R 6 0;}//output Q as ECP0 s.//
j j 2 /* each time, two access rights are computed at the same time */ end.
For example, assume that the subject S2 is deleted from the system. In Fig. 5,
we see that the ECP values for S2corresponding to Ojare ECP3; ECP4; ECP7, Fig. 4. The results of inserting a subject/object into the access control matrix.
and ECP8. These ECP values will be modi®ed. Using Algorithm D, the
modi®ed values of the ECP values are recomputed as follows: ECP0 3 9800=23=30 1225; ECP0 4 2048=211=30 1; ECP0 7 714 717 675=20=35 2941225; ECP0 8 4 572 288 000=210=36 6125:
Now, an object Or is to be deleted from the access matrix, so the
corre-sponding access rights, such as ai;rfor i 1; 2; . . . ; n; have to be deleted. Again,
the proposed method requires that the ECP values for the corresponding access right of ai;r be recomputed. The algorithm for deleting an object is shown
below. When an object is deleted, the administrator gets qtand qt2 ®rst, and
then sets them as inputs for the Algorithm E. Algorithm E (// Deleting Objects.//).
Input (Si; Or; qt; qt2)
Output (ECP0 s)
for i 1 to m==m is the number of subjects in the access matrix // Find the Morton number z for each input air with Si; Or
Derive t z mod 4 1 s z=4 1 Step 1: T ECPs; W qt
Step 2: Q T =W ; R T mod W
Step 3: if (R 0) then fT Q; Goto Step2; g else {T Q; W qt2; goto Step 2;}
until {R 6 0;}//output Q as ECP0 s.//
i i 2 /* each time, two access rights are computed at the same time */ end.
For example, assume that the object O3is deleted from the system. In Fig. 5,
we see that the ECP values corresponding to O3 and the subjects Si are
ECP2; ECP4; ECP10, and ECP12. These ECP values have to be modi®ed.
Using Algorithm E, the modi®ed values of ECP are recomputed as follows: ECP0 2 6272=30=72 128; ECP0 4 2048=30=70 2048; ECP0 10 44100=32=72 100; ECP0 12 44100=32=72 100:
4. Performance analysis and comparison
There is always a serious problem of storing the access matrix for any access control mechanism. The problem appears either as a sparse matrix or occu-pation of a large amount of storage space. Compression of the access matrix is desirable if it is possible. The proposed scheme has the advantage of being able to compress the matrix. The reduction of the amount of required is due to the compression of ECP values. In this section, storage compaction will be ®rst described. The comparative advantages from the six criteria for the proposed method will also be illustrated.
4.1. Storage space compression
Situation may occur in which the identical level of access rights for a group of subjects may be compressed; e.g., all the students in a group have a common access authorization and are assigned to a speci®c directory. Fig. 6 shows this situation for subjects from S4to S7who have a common access right `2' to O2
and O3; as a result, we can compress these data from ECP9 to ECP12 into
ECP9 C, in which (C) represents a compressed right. The value of the new ECP
is identical to that of the previously computed 44 100. Meanwhile, the vali-dation of access requests from S4to S7follows the same procedure for verifying
authorization described above. In this case, the security manager does not require to manage each access right separately; the new ECP C will be used to
4.2. Performance comparisons
In this section, the performance of the proposed method will be analyzed and compared with that of other SKL schemes based on the set of six criteria [7]. Previous methods will be brie¯y discussed. They will be summarized in six tables below.
4.2.1. Eort involved in initializing keys and locks
Table 1 deals with initialization of m keys and n locks. Solving sets of linear equations is time-consuming in the schemes developed by Wu and Hwang [2] and Chang and Jiang [2,6]. Two methods developed by Chang [3,4] have to solve the same over¯ow problem previously mentioned and may require ap-plication of the decomposition technique. Although the scheme in [8] based on binary coding and prime factorization can avoid the over¯ow problem, the over¯ow problem while the Lock value was calculated will occur in the worst case when the binary value x 1. However, our method requires only four
keys to generate ECP values. The over¯ow problem can be avoided no matter whether or not the subjects and objects propagate.
4.2.2. Eort involved in computing an access right from a lock and key
The numbers of operations needed to ®nd access rights for various schemes are listed and compared in Table 2. Hwang et al.'s method [7], Chang's method [8] and our method need only a constant number of operations to compute access rights while others require a number of operations which is proportional to m (i.e., the number of users).
4.2.3. Eort involved in revising keys and locks when an access right is modi®ed For modi®cation of access rights, Table 3 shows that Hwang and Shao's [7] and Chang's [8] methods can modify the original key or lock value to obtain a new one. Our method only needs to modify the original ECP value; hence, the recomputation eort is smaller than that required by the other methods. Modi®cation in two methods by Chang's [3,4] are, however, more complex due to computations of xj; Mjand L.
Table 1
Initialization of the keys and locks
SKL schemes Eort involved in initializing keys and locks
Wu and Hwang [2] Given m keys, solve n sets of m linear equations for n lock vectors
Chang, 1986 [3] Given n locks, compute KiPnj1 L=Lj xj aijmod L for m keys Chang, 1987 [4] Given n locks, compute KiPnj1daij Lj=ne n Mjfor m keys Laih et al. [5] Given m keys, compute Lj x Pmi1GziQiÿ1s1 x ÿ Ks for n lock vectors Chang and Jiang [6] Given m keys, solve n sets of bm 0±1 linear equations for n lock matrices Hwang et al. [7] Given m keys, compute LjQmi1Kiaijfor n locks in the X-based form
Chang, 1997 [8] Given m keys, compute Lj xQmi1K
a x ij
i for x 1; 2; . . . ; b and j 1; 2; . . . ; n
Our method Given 4 keys, compute ECP values Qz3
z4 sÿ1qatz, where t 1; 2; 3; 4
Table 2
Computation of the access rights
SKL schemes Operations needed to compute the access right aij
Wu and Hwang [2] m multiplications, m ÿ 1 additions and one division
Chang, 1986 [3] One division
Chang, 1987 [4] Two divisions and one subtraction
Laih et al. [5] i ÿ 1 multiplications, i ÿ 1 additions and one division
Chang and Jiang [6] bm ANDs and b m ÿ 1 XORs
Hwang et al. [7] 6 amax(X-based) divisions (amax: maximal value of access right)
Chang's, 1996 [8] b divisions
4.2.4. Eort involved in appending and updating keys and locks when a new user or ®le is added
The appendability and removability properties listed in Tables 4 and 5 might be critical issues for dynamic access control in practical applications. For ap-pendability, Laih et al.'s scheme [5] is best because it satis®es both user and ®le appendability. In our method, when a new subject is added, it recomputes only the ECP values of corresponding accessible objects instead of all the ECP values; when a new object is added, it recomputes only the ECP values of the corresponding accessible subjects, so the proposed method is still easy to im-plement.
Table 4 Appendability
SKL schemes User appendability File appendability
Wu and Hwang [2] Recompute all lock vectors Yes
Chang, 1986 [3] Yes Recompute all keys
Chang, 1987 [4] Yes Recompute all keys
Laih et al. [5] Yes (add a coecient to each lock
vector) Yes
Chang and Jiang [6] Recompute all lock matrices Yes
Hwang et al. [7] Recompute the locks of accessible
®les only Yes
Chang, 1997 [8] To add user Um1, recompute the
elements of lock vector for a x
m1j 1 only
Yes
Our method To add subject S m1recompute the
elements of ECP values for s 1 to n=2
To add object O n1 recompute the elements of ECP values for s 1 to m=2 Table 3
Modi®cation for access rights
SKL schemes Eorts involved in changing the access right aijto a0ij
Wu and Hwang [2] Solve a new set of m linear equations for new locks L0
j Chang, 1986 [3] Recompute Ki Ki L=Lj xj aijÿ f Ki; Lj mod L Chang, 1987 [4] Recompute KI Ki a ij Lj=nÿ f K i; Lj Lj=n n Mj
Laih et al. [5] Recompute the m ÿ i 1 coecients Gj
i for Lj
Chang and Jiang [6] Solve a new set of bm 0±1 linear equations for Lj
Hwang et al. [7] Recompute Lj Lj Ki a
0 ijÿaij Chang, 1997 [8] Recompute Lj x Lj x Kia 0 x ij ÿa xij for x 1;2;...;b
Our method Recompute ECP0
s ECPs q a
0 ijÿaij
t for
4.2.5. Eort involved in removing and updating keys and locks when a user or ®le is deleted
For removability, as a subject Siis deleted, Wu and Hwang's [2], Chang's [3]
and Jiang's [5] methods need to recompute all the locks while our method only needs to recompute the ECP values of the corresponding accessible objects instead of all the ECP values when a new object is deleted. In short, the re-computation eort required by our method is relatively small when a subject or object is added to or removed from the system.
4.2.6. Space for storing keys and locks
The required storage space for keys and locks is compared in Table 6. Note that O(m n) in Chang's [3] method is obtained by ignoring the over¯ow issue.
Table 5 Removability
SKL schemes Subject removability Object
removabili-ty
Wu and Hwang [2] Recompute all lock vectors Yes
Chang's, 1986 [3] Yes Recompute all
keys
Chang's, 1987 [4] Yes Recompute all
keys
Laih et al. [5] To delete Ui, recompute (m ÿ i) coecients
of all for deleting Yes
Chang and Jiang [6] Recompute all lock matrices Yes
Hwang et al. [7] Recompute the locks of accessible ®les only Yes
Chang, 1997 [8] To delete user Um1, recompute the
elements of lock vector for a x
m1j 1 only Yes
Our method To delete subject S m1, recompute the
elements of the ECP values for s 1 to n=2 To delete objectO n1, recompute the elements of the ECP values for s 1 to m=2
Table 6
Storage requirement
SKL schemes The complex of the required
Wu and Hwang [2] O m2 mn
Chang, 1986 [3] O m n
Chang, 1987 [4] O m n
Laih et al. [5] O mn
Chang and Jiang [6] O m2 bmn
Hwang et al. [7] O mn
Chang, 1997 [8] O mn
The storage requirement required by Hwang's [7] and Chang's [8] methods is not less than O(mn). In our method, the keys are bounded by four large prime numbers. Let l be the longest among all the elements of the ECP values, and let qmaxbe the maximal key value. ECP values Qz3z4 sÿ1qatz6 2w, where w is the
bit-length of an integer allowed in a computer system. Since the amount of ECP is bounded by access matrix Amn such as (m/4) or (n/4) a matrix of
max(m,n). Storage for ECP values is hence max O m; O n. 5. Conclusions
We have proposed a novel scheme for controlling access requests in a secure information system. Based on prime factorization and the Morton sequence, we have presented an improvement of Hwang et al.'s [7] and Chang et al.'s [8] SKL methods. Dierent from the conventional SKL scheme, the over¯ow problem while computed ECP does not occur in our scheme. Based on six criteria, the proposed scheme is considerably better for access control than most of the other comparable schemes. The convenient way in which it mod-i®es ECP values while adding or removing objects/subjects is also impressive. Furthermore, with our compression method, the proposed scheme is suitable for implementing a large access control matrix in a distributed computer sys-tem.
Future work may include an attempt to extend the proposed idea to inte-grate both authentication and authorization in a security system. We could choose a distinct prime number to represent each entity-identi®cation and access right, then computed as ECP. An ECP would be assigned to each en-tity's identi®cation and stored in a place where the user who must access to information resources. The proposed method implies entity identi®ers and authorization operations. On receiving the subject requested, the systems manager would verify the subject's identity and its authorization operations by referring to the corresponding ECP value. This would greatly improve integrity and con®dentiality in access control systems.
References
[1] D.E.R. Denning, Cryptography and Data Security, Addison-Wesley, Reading, MA, 1982. [2] M.L. Wu, T.Y. Hwang, Access control with single-key-lock, IEEE Trans. Software Eng. 10 (2)
(1994) 185±191.
[3] C.C. Chang, On the design of a key-lock-pair mechanism in information protection systems, BIT 26 (4) (1986) 410±417.
[4] C.C. Chang, An information protection scheme based upon number theory, The Comput. J. 30 (3) (1987) 249±253.
[5] C.S. Laih, L. Harn, J.Y. Lee, On the design of a single-key-lock mechanism based on Newton's interpolating polynomial, IEEE Trans. Software Eng. 15 (9) (1989) 1135±1137.
[6] C.K. Chang, T.M. Jiang, A binary single-key-lock system for access control, IEEE Trans. Comput. 38 (10) (1989) 1462±1466.
[7] J.J. Hwang, B.M. Shao, P.C. Wang, A new access control method using prime factorization, The Comput. J. 35 (1) (1992) 16±22.
[8] C.C. Chang, D.C. Lou, A binary access control method using prime factorization, Informatics Comput. Sci. 96 (1997) 15±26.
[9] G.M. Morton, A computer oriented geodetic database, and a new technique in ®le sequencing, IBM Canada Ltd, March 1 (1966).