Hierarchical access control policies are used to restrict access to
objects by users based on their respective security labels. There are
many key assignment schemes in the literature for implementing
such policies using cryptographic mechanisms. Updating keys in such
schemes has always been problematic, not least because many objects
may be encrypted with the same key. We propose a number of techniques
by which this process can be improved, making use of the idea of
lazy key updates, which have been studied in the context of
cryptographic file systems. We demonstrate in passing that schemes
for lazy key updates can be regarded as simple instances of key
assignment schemes. Finally, we illustrate the utility of our
techniques by applying them to hierarchical file systems and to
temporal access control policies
