
The Research And Application Based On The Trill Protocol And Time With Rank Constraints In The G-SIS System

Posted on: 2015-01-23
Degree: Master
Type: Thesis
Country: China
Candidate: D L Cai
GTID: 2298330422979684
Subject: Computer technology

Abstract/Summary:
Social, economic and cultural development requires sharing resources in all areas. With the rapid development of information and internet technology, information sharing technologies have attracted attention. To better accommodate information sharing, traditional access control technologies will be replaced with new ones.

G-SIS, introduced as a new access control technology, not only overcomes shortcomings such as the easily propagated authorization of access control subjects (DAC), the immutable security attributes of subjects and objects (MAC), and role-limited authorization (RBAC), but also inherits the eight elements of usage control (UCON), as well as the variability and continuity of attributes. Based on the concept of grouping, the new technology applies group management to subjects and objects, while making authorization more flexible by adding extra attributes to the core ones.

Present data center network architectures mainly use the second layer for convergence and the third layer for access, namely a multi-protocol mode with protocols such as STP on the second layer and routing protocols on the third layer, rather than a unified protocol architecture. They identify subjects and objects by MAC addresses within the same segment on layer two, and by IP addresses across different segments on layer three. A TRILL nickname, however, can not only map MAC addresses within the same segment on layer two, but also carry out a layer-three-like IP routing computation across different segments, so one set of protocol access control policies is enough.

The G-SIS mode mainly groups subjects and objects, without a unique identifier for group members. A TRILL nickname matches the IP address with the MAC address of a device and is unique in the whole network. The egress nickname determines a visitor’s origin and can be used to uniquely identify G-SIS subjects.

The G-SIS mode gives group members access to the corresponding resources in the group, but without ranking the subjects. A ranking strategy needs to be added, not only to grant different privileges to group subjects of different ranks, but also to allow role transformation for group subjects of different ranks. Meanwhile, a time constraint strategy is added to fix the problem that G-SIS relies only on the temporary actions of group actions (subjects enter and leave; objects are added and deleted). The time constraint can offer time design for subjects’ role transformation and control subjects’ operations on objects according to time. The two strategies are described with “verbalization” based on the LTL language.

In the end, the PEI framework is introduced into G-SIS. Under the Policy mode, the ranking strategy and the time constraint strategy are employed, with subjects identified by nickname; in the Enforcement model, the LTL language is used for the process design of G-SIS strategies; finally, after the strategies are improved in the Implementation mode, the new G-SIS mode is applied to three common medium and large network information systems: an online banking system, an enterprise training system, and an E-commerce festival activities system.
Keywords/Search Tags: Group-Centric Secure Information Sharing, Trill Protocol, Nickname, Ranking The Subjects, Time Constraints