| Information sharing is an important feature of the progress of the times,with theexpansion of the field of information sharing, and sharing degree unceasingenhancement, social politics, economy, culture and science and technology have madea leap in development.The evolving development needs have more requirement toinformation sharing.High scalability as well as the requirement of information opensystem, security of information sharing are increasingly high requirements.Group-Centric Secure Information Sharing(referred to as G-SIS) is a newmethod of information sharing made by University of Texas professor Ravi Sandhu etal in2009.The core idea of this method is that the subject and the object into thegroup management, group membership decides access authority between the subjectand the object. it is more convenient to share information, especially convenient insensitive information sharing management, can effectively improve the security ofinformation sharing.the G-SIS model and its policies are established by using usagecontrol、role-based access control and so on,this is conducive to management andcontrol of access authorization of the subject and the object,so the model is morestable and flexible, enhanced access control efforts, improve the safety performanceof the system.In G-SIS,the mutual core attributes of all G-SIS models are specified andverified,and developed a number of restrictive strategy to control access authorizationbetween subject and object.This method is applicable to the unequal size of sharinginformation, such as ordering system of large and small network conferencesystem,but the current G-SIS method can not completely meet the existing securityinformation sharing needs.In the application of open information system, securityconstraint information sharing are in many aspects, including the time constraint is avery important strategy in practical application of information sharing system, it isclearly not enough to guarantee system security that access authorization betweensubject and object is only decided by the temporal relation of group operations,butalso no longer suitable for the need of large-scale information sharing in modernsociety.So,this paper will focus on the research of group operations and its variantgroup operations defined in G-SIS policies,and integrate the relation between group operations by using linear temporal logic language,put forward a variety of new timeconstraint strategy.This article will use the PEI framework as a design method,using access controltechnique, make decision in policy layer, execution layer and implementation layer.Inpolicy layer,analysis subject access authorization decisions and the semantics of groupoperation and its variants group operation,put forward new time constraint strategieson this base.In execution layer,analysis the attributes of subject and object in G-SISmodel,and establishes the new G-SIS model with time constraints.In implementationlayer,on the base of policy layer and execution layer,applies the time constraintspolicies to three kinds of actual group-centric information sharing systems,and use theflowsheet to make explanations. |
PDF Full Text Request