Efficient large-scale access control for Internet/intranet information systems

Access control is a key problem for information processing, especially in a distributed environment such as the Internet and intranet, where a large amount of diverse information resources within an enterprise will be made available for groups of diverse users to query. Information documents such as technology secrets and personal records are sensitive and should be accessible to a select group of users based on their position in a company or an organization or even based on how much the user is paying to maintain his/her right for information access. The access control problem, informally, is to determine which user is allowed to access what information. Access control for Internet information processing, in contrast to access control in a traditional operating system, has higher demand in dealing with a much larger scale problem in real time, due to the large amount of information and number of users in the Internet/intranet environment. We present an efficient method for the access control problem in which there are a large number of users and access groups. The main ingredient of our method is a representation of a hierarchical access group structure in terms of intervals over a set of integers and a decomposition scheme that reduces any group structure to ones that have interval representations. The interval representation allows the problem for checking access rights to be reduced to an interval containment problem. We use the interval tree, a popular data structure in computational geometry, to efficiently execute the access-right checking method.