of role specifications. Our work is related to the technique used for group key management [8,9]. In the experimental section, it is shown that our method can enhance the performance.
The rest of this paper is organized as follows. In the next section, we describe the secure role group model. In Section 3, the group communication model for updating role specifications is presented. In Section 4, the performance of our method is shown. In Section 5, we conclude.
2 Secure Role Group Model
The ITU-T X.509 Recommendation (ISO/IEC 9594-8) [2] and the IETF RFC 3281 [4] define the attribute certificate (AC). Specific privileges are assigned to a role name through a role specification certificate. This level of indirection enables the privileges assigned to a role to be updated without impacting the certificates that assign roles to individuals. We make a chain of role specification certificates.
To structure role specification certificates, we make role groups that are distinct from the subject groups. The structure of the role groups differs from that of the delegation of roles [2]. It gathers common roles and builds the trust structure, which forms a tree. The chain of role specification certificates can incur overhead when a subject is going to use some privileges. This problem can be solved using coherent caching of role specification certificates [5]. The possible increase in administration and key management effort does not exceed the performance gain from using attribute certificates [5]. In a highly distributed environment, the distribution of the specifications of roles is inevitable. In this paper, only the change of the role specification certificates is considered when the roles are updated. When the role groups are distributed geographically and the role specifications change, performance improves. If role groups are not used, the role holder must possess all the role specifications. In this case, the role can be applied directly without following the role specification certificates. However, each subject must then hold all the role specification certificates, and the small-memory devices commonly used in ubiquitous computing environments cannot afford it.
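The indirection and chain-following cost described in this section, as an added example that is not from the paper: a Python model without signatures or X.509 encoding, in which the class names, the sample roles and the rule that a role group inherits its ancestors' privileges are assumptions. It shows a specification update taking effect without reissuing the role assignment certificate, and a cache that stays coherent by evicting every chain that passes through the updated group.

```python
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class RoleSpecCert:            # role specification certificate, modeled unsigned
    group: str                 # role group the specification belongs to
    parent: Optional[str]      # next certificate in the chain; None at the root
    privileges: frozenset

@dataclass(frozen=True)
class RoleAssignmentCert:      # AC that assigns a role name to an individual
    holder: str
    role_group: str

class RoleDirectory:
    def __init__(self, specs):
        self.specs = {s.group: s for s in specs}
        self.cache = {}        # role group -> (groups on its chain, privileges)
        self.followed = 0      # specification certificates followed so far

    def resolve(self, assignment):   # privileges of a holder, via the chain
        if assignment.role_group in self.cache:
            return self.cache[assignment.role_group][1]
        chain, privileges, group = [], set(), assignment.role_group
        while group is not None:
            if group in chain or group not in self.specs:
                raise ValueError(f"broken or cyclic chain at {group!r}")
            self.followed += 1
            chain.append(group)
            privileges |= self.specs[group].privileges  # assumed: inherited
            group = self.specs[group].parent
        self.cache[assignment.role_group] = (chain, frozenset(privileges))
        return frozenset(privileges)

    def update(self, group, privileges):  # reissue one spec, evict its chains
        self.specs[group] = replace(self.specs[group], privileges=frozenset(privileges))
        self.cache = {g: v for g, v in self.cache.items() if group not in v[0]}

# Constructed sample tree: root -> clinical -> ward-nurse
DIRECTORY = RoleDirectory([
    RoleSpecCert("root", None, frozenset({"login"})),
    RoleSpecCert("clinical", "root", frozenset({"read-chart"})),
    RoleSpecCert("ward-nurse", "clinical", frozenset({"record-vitals"})),
])
ALICE = RoleAssignmentCert("alice", "ward-nurse")  # never reissued below

if __name__ == "__main__":
    print(sorted(DIRECTORY.resolve(ALICE)), DIRECTORY.followed)
    DIRECTORY.update("clinical", {"read-chart", "order-labs"})
    print(sorted(DIRECTORY.resolve(ALICE)), DIRECTORY.followed)
```

The `followed` counter is the per-use overhead of the chain: three certificates on a cold lookup, none on a cached one, and three again after an update to any group on the chain.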
3 The Communication Model for Updating of Role Specification
Updated role specification certificates are delivered by multicast communication. The distribution of updated role specification certificates in our method can be modeled as follows:
R : the number of roles
G : the maximum number of the lowest level role groups,
i
R 1
S : the maximum number of the lowest level role specification certificates, S = G
$g_i$ : role group $i$
$s_i$ : role specification certificate related to role group $g_i$