Split consensus for object security

Abstract

We present a set of security mechanisms supporting a form of split consensus between subjects that grant permissions to exert rights to access objects, and subjects that hold these rights. Our solution is based on lock-key pairs. A key specifies a collection of access rights, and a category for each access right. For each category, a lock states whether an access right in that category is valid, or not. We illustrate a few examples of applications, including file security, a form of priority-based access control, access control lists, and capability lists supporting hierarchical object structures.