Abstract

Some specific information or resources can be accessed only by authorized users. Discretionary access control (DAC), mandatory access control (MAC), and role-based access control (RBAC) are the three main classes of access control policies. MAC and RBAC are more secure than DAC because the system, rather than an object's owner, determines the policy. MAC is appropriate for multilevel applications with high security requirements, such as military ones, while RBAC provides security and business benefits. Most institutions, companies, and governments are multilevel, so relationships between roles or security levels tend to be hierarchical. In this work, an access control mechanism providing explicit transitive exception and antisymmetric arrangement is proposed to offer flexible and appropriate solutions for hierarchical relationships. For practicality, the proposed mechanism does not strictly constrain the access control policy, so that security classes can be determined according to specific requirements. The proposed mechanism employs an elliptic curve cryptosystem and a two-layer hash approach to ensure security and computational efficiency.

  • Publication date: 2015-1-25