Phillips, TylerYu, XiaoyuanHaakenson, BrandonZou, Xukai2020-12-232020-12-232019-12Phillips, T., Yu, X., Haakenson, B., & Zou, X. (2019). Design and Implementation of Privacy-Preserving, Flexible and Scalable Role-Based Hierarchical Access Control. 2019 First IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA), 46–55. https://doi.org/10.1109/TPS-ISA48467.2019.00015https://hdl.handle.net/1805/24720In many domains, organizations must model personnel and corresponding data access privileges as fine-grained hierarchical access control models. One class of such models, Role-based Access Control (RBAC) models, has been widely accepted and deployed. However, RBAC models are often used without involving cryptographic keys nor considering confidentiality/privacy at the data level. How to design, implement and dynamically modify such a hierarchy, ensure user and data privacy and distribute and manage necessary cryptographic keys are issues of the utmost importance. One elegant solution for cryptography-based hierarchical access control combines the collusion-resistant and privacy-preserving Access Control Polynomial (ACP) and Atallah's Dynamic and Efficient Extended Key Management scheme. Such a model involves cryptographic keys used to encrypt data, can address confidentiality/privacy at the data level and can efficiently support dynamic changes to the RBAC access hierarchy. In this paper, we discuss several implementation challenges and propose solutions when deploying such a system including: data encryption and decryption, key storage and key distribution. Furthermore, we provide analysis of the efficiency and scalability of the resulting system.enPublisher Policycryptography-based hierarchical access controlkey managementsecure group communicationConference proceedings