A Blockchain-Based Access Control Scheme for Reputation Value Attributes of the Internet of Things

The Internet of Things(IoT)access controlmechanism may encounter security issues such as single point of failure and data tampering.To address these issues,a blockchain-based IoT reputation value attribute access control scheme is proposed.Firstly,writing the reputation value as an attribute into the access control policy,and then deploying the access control policy in the smart contract of the blockchain system can enable the system to provide more fine-grained access control;Secondly,storing a large amount of resources fromthe Internet of Things in Inter Planetary File System(IPFS)to improve system throughput;Finally,map resource access operations to qualification tokens to improve the performance of the access control system.Complete simulation experiments based on the Hyperledger Fabric platform.Fromthe simulation experimental results,it can be seen that the access control system can achieve more fine-grained and dynamic access control while maintaining high throughput and low time delay,providing sufficient reliability and security for access control of IoT devices.

Adaptable and Dynamic Access Control Decision-Enforcement Approach Based on Multilayer Hybrid Deep Learning Techniques in BYOD Environment

Organizations are adopting the Bring Your Own Device(BYOD)concept to enhance productivity and reduce expenses.However,this trend introduces security challenges,such as unauthorized access.Traditional access control systems,such as Attribute-Based Access Control(ABAC)and Role-Based Access Control(RBAC),are limited in their ability to enforce access decisions due to the variability and dynamism of attributes related to users and resources.This paper proposes a method for enforcing access decisions that is adaptable and dynamic,based on multilayer hybrid deep learning techniques,particularly the Tabular Deep Neural Network Tabular DNN method.This technique transforms all input attributes in an access request into a binary classification(allow or deny)using multiple layers,ensuring accurate and efficient access decision-making.The proposed solution was evaluated using the Kaggle Amazon access control policy dataset and demonstrated its effectiveness by achieving a 94%accuracy rate.Additionally,the proposed solution enhances the implementation of access decisions based on a variety of resource and user attributes while ensuring privacy through indirect communication with the Policy Administration Point(PAP).This solution significantly improves the flexibility of access control systems,making themmore dynamic and adaptable to the evolving needs ofmodern organizations.Furthermore,it offers a scalable approach to manage the complexities associated with the BYOD environment,providing a robust framework for secure and efficient access management.

Blockchain-Enabled Privacy Protection and Access Control Scheme Towards Sensitive Digital Assets Management

With the growth of requirements for data sharing,a novel business model of digital assets trading has emerged that allows data owners to sell their data for monetary gain.In the distributed ledger of blockchain,however,the privacy of stakeholder's identity and the confidentiality of data content are threatened.Therefore,we proposed a blockchainenabled privacy-preserving and access control scheme to address the above problems.First,the multi-channel mechanism is introduced to provide the privacy protection of distributed ledger inside the channel and achieve coarse-grained access control to digital assets.Then,we use multi-authority attribute-based encryption(MAABE)algorithm to build a fine-grained access control model for data trading in a single channel and describe its instantiation in detail.Security analysis shows that the scheme has IND-CPA secure and can provide privacy protection and collusion resistance.Compared with other schemes,our solution has better performance in privacy protection and access control.The evaluation results demonstrate its effectiveness and practicability.

Cross-Domain Bilateral Access Control on Blockchain-Cloud Based Data Trading System

Data trading enables data owners and data requesters to sell and purchase data.With the emergence of blockchain technology,research on blockchain-based data trading systems is receiving a lot of attention.Particularly,to reduce the on-chain storage cost,a novel paradigm of blockchain and cloud fusion has been widely considered as a promising data trading platform.Moreover,the fact that data can be used for commercial purposes will encourage users and organizations from various fields to participate in the data marketplace.In the data marketplace,it is a challenge how to trade the data securely outsourced to the external cloud in a way that restricts access to the data only to authorized users across multiple domains.In this paper,we propose a cross-domain bilateral access control protocol for blockchain-cloud based data trading systems.We consider a system model that consists of domain authorities,data senders,data receivers,a blockchain layer,and a cloud provider.The proposed protocol enables access control and source identification of the outsourced data by leveraging identity-based cryptographic techniques.In the proposed protocol,the outsourced data of the sender is encrypted under the target receiver’s identity,and the cloud provider performs policy-match verification on the authorization tags of the sender and receiver generated by the identity-based signature scheme.Therefore,data trading can be achieved only if the identities of the data sender and receiver simultaneously meet the policies specified by each other.To demonstrate efficiency,we evaluate the performance of the proposed protocol and compare it with existing studies.

Big Data Access Control Mechanism Based on Two-Layer Permission Decision Structure

Big data resources are characterized by large scale, wide sources, and strong dynamics. Existing access controlmechanisms based on manual policy formulation by security experts suffer from drawbacks such as low policymanagement efficiency and difficulty in accurately describing the access control policy. To overcome theseproblems, this paper proposes a big data access control mechanism based on a two-layer permission decisionstructure. This mechanism extends the attribute-based access control (ABAC) model. Business attributes areintroduced in the ABAC model as business constraints between entities. The proposed mechanism implementsa two-layer permission decision structure composed of the inherent attributes of access control entities and thebusiness attributes, which constitute the general permission decision algorithm based on logical calculation andthe business permission decision algorithm based on a bi-directional long short-term memory (BiLSTM) neuralnetwork, respectively. The general permission decision algorithm is used to implement accurate policy decisions,while the business permission decision algorithm implements fuzzy decisions based on the business constraints.The BiLSTM neural network is used to calculate the similarity of the business attributes to realize intelligent,adaptive, and efficient access control permission decisions. Through the two-layer permission decision structure,the complex and diverse big data access control management requirements can be satisfied by considering thesecurity and availability of resources. Experimental results show that the proposed mechanism is effective andreliable. In summary, it can efficiently support the secure sharing of big data resources.

Automatic Generation of Attribute-Based Access Control Policies from Natural Language Documents

In response to the challenges of generating Attribute-Based Access Control(ABAC)policies,this paper proposes a deep learning-based method to automatically generate ABAC policies from natural language documents.This method is aimed at organizations such as companies and schools that are transitioning from traditional access control models to the ABAC model.The manual retrieval and analysis involved in this transition are inefficient,prone to errors,and costly.Most organizations have high-level specifications defined for security policies that include a set of access control policies,which often exist in the form of natural language documents.Utilizing this rich source of information,our method effectively identifies and extracts the necessary attributes and rules for access control from natural language documents,thereby constructing and optimizing access control policies.This work transforms the problem of policy automation generation into two tasks:extraction of access control statements andmining of access control attributes.First,the Chat General Language Model(ChatGLM)isemployed to extract access control-related statements from a wide range of natural language documents by constructing unique prompts and leveraging the model’s In-Context Learning to contextualize the statements.Then,the Iterated Dilated-Convolutions-Conditional Random Field(ID-CNN-CRF)model is used to annotate access control attributes within these extracted statements,including subject attributes,object attributes,and action attributes,thus reassembling new access control policies.Experimental results show that our method,compared to baseline methods,achieved the highest F1 score of 0.961,confirming the model’s effectiveness and accuracy.

Deep Learning Social Network Access Control Model Based on User Preferences

A deep learning access controlmodel based on user preferences is proposed to address the issue of personal privacy leakage in social networks.Firstly,socialusers andsocialdata entities are extractedfromthe social networkandused to construct homogeneous and heterogeneous graphs.Secondly,a graph neural networkmodel is designed based on user daily social behavior and daily social data to simulate the dissemination and changes of user social preferences and user personal preferences in the social network.Then,high-order neighbor nodes,hidden neighbor nodes,displayed neighbor nodes,and social data nodes are used to update user nodes to expand the depth and breadth of user preferences.Finally,a multi-layer attention network is used to classify user nodes in the homogeneous graph into two classes:allow access and deny access.The fine-grained access control problem in social networks is transformed into a node classification problem in a graph neural network.The model is validated using a dataset and compared with other methods without losing generality.The model improved accuracy by 2.18%compared to the baseline method GraphSAGE,and improved F1 score by 1.45%compared to the baseline method,verifying the effectiveness of the model.

A Dual-Cluster-Head Based Medium Access Control for Large-Scale UAV Ad-Hoc Networks

Unmanned Aerial Vehicle(UAV)ad hoc network has achieved significant growth for its flexibility,extensibility,and high deployability in recent years.The application of clustering scheme for UAV ad hoc network is imperative to enhance the performance of throughput and energy efficiency.In conventional clustering scheme,a single cluster head(CH)is always assigned in each cluster.However,this method has some weaknesses such as overload and premature death of CH when the number of UAVs increased.In order to solve this problem,we propose a dual-cluster-head based medium access control(DCHMAC)scheme for large-scale UAV networks.In DCHMAC,two CHs are elected to manage resource allocation and data forwarding cooperatively.Specifically,two CHs work on different channels.One of CH is used for intra-cluster communication and the other one is for inter-cluster communication.A Markov chain model is developed to analyse the throughput of the network.Simulation result shows that compared with FM-MAC(flying ad hoc networks multi-channel MAC,FM-MAC),DCHMAC improves the throughput by approximately 20%~50%and prolongs the network lifetime by approximately 40%.

Advanced Functional Electromagnetic Shielding Materials:A Review Based on Micro‑Nano Structure Interface Control of Biomass Cell Walls

Research efforts on electromagnetic interference(EMI)shielding materials have begun to converge on green and sustainable biomass materials.These materials offer numerous advantages such as being lightweight,porous,and hierarchical.Due to their porous nature,interfacial compatibility,and electrical conductivity,biomass materials hold significant potential as EMI shielding materials.Despite concerted efforts on the EMI shielding of biomass materials have been reported,this research area is still relatively new compared to traditional EMI shielding materials.In particular,a more comprehensive study and summary of the factors influencing biomass EMI shielding materials including the pore structure adjustment,preparation process,and micro-control would be valuable.The preparation methods and characteristics of wood,bamboo,cellulose and lignin in EMI shielding field are critically discussed in this paper,and similar biomass EMI materials are summarized and analyzed.The composite methods and fillers of various biomass materials were reviewed.this paper also highlights the mechanism of EMI shielding as well as existing prospects and challenges for development trends in this field.

Passive activity enhances residual control ability in patients with complete spinal cord injury

Patients with complete spinal cord injury retain the potential for volitional muscle activity in muscles located below the spinal injury level.However,because of prolonged inactivity,initial attempts to activate these muscles may not effectively engage any of the remaining neurons in the descending pathway.A previous study unexpectedly found that a brief clinical round of passive activity significantly increased volitional muscle activation,as measured by surface electromyography.In this study,we further explored the effect of passive activity on surface electromyographic signals during volitional control tasks among individuals with complete spinal cord injury.Eleven patients with chronic complete thoracic spinal cord injury were recruited.Surface electromyography data from eight major leg muscles were acquired and compared before and after the passive activity protocol.The results indicated that the passive activity led to an increased number of activated volitional muscles and an increased frequency of activation.Although the cumulative root mean square of surface electromyography amplitude for volitional control of movement showed a slight increase after passive activity,the difference was not statistically significant.These findings suggest that brief passive activity may enhance the ability to initiate volitional muscle activity during surface electromyography tasks and underscore the potential of passive activity for improving residual motor control among patients with motor complete spinal cord injury.

A matrix metalloproteinase-responsive hydrogel system controls angiogenic peptide release for repair of cerebral ischemia/reperfusion injury

Vascular endothelial growth factor and its mimic peptide KLTWQELYQLKYKGI(QK)are widely used as the most potent angiogenic factors for the treatment of multiple ischemic diseases.However,conventional topical drug delivery often results in a burst release of the drug,leading to transient retention(inefficacy)and undesirable diffusion(toxicity)in vivo.Therefore,a drug delivery system that responds to changes in the microenvironment of tissue regeneration and controls vascular endothelial growth factor release is crucial to improve the treatment of ischemic stroke.Matrix metalloproteinase-2(MMP-2)is gradually upregulated after cerebral ischemia.Herein,vascular endothelial growth factor mimic peptide QK was self-assembled with MMP-2-cleaved peptide PLGLAG(TIMP)and customizable peptide amphiphilic(PA)molecules to construct nanofiber hydrogel PA-TIMP-QK.PA-TIMP-QK was found to control the delivery of QK by MMP-2 upregulation after cerebral ischemia/reperfusion and had a similar biological activity with vascular endothelial growth factor in vitro.The results indicated that PA-TIMP-QK promoted neuronal survival,restored local blood circulation,reduced blood-brain barrier permeability,and restored motor function.These findings suggest that the self-assembling nanofiber hydrogel PA-TIMP-QK may provide an intelligent drug delivery system that responds to the microenvironment and promotes regeneration and repair after cerebral ischemia/reperfusion injury.

Attribute-based access control policy specification language

This paper first introduces attribute expression to describe attribute-based access control policy.Secondly,an access control policy enforcement language named A-XACML （attribute-XACML）is proposed,which is an extension of XACML.A-XACML is used as a simple,flexible way to express and enforce access control policies,especially attribute-based access control policy,in a variety of environments.The language and schema support include data types,functions,and combining logic which allow simple and complex policies to be defined.Finally,a system architecture and application case of user-role assignment is given to show how attribute expressions and A-XACML work in access control policy description and enforcement.The case shows that attribute expression and A-XACML can describe and enforce the complex access control policy in a simple and flexible way.

A New Role Hierarchy Model for Role Based Access Control

A new role hierarchy model for RBAC (role-based access control) is presented and its features are illustrated through examples. Some new concepts such as private permission, public permission and special permission are introduced, based on the RRA97 model. Some new role-role inheriting forms such as normal inheritance, private inheritance, public inheritance and special-without inheritance are defined. Based on the ideas mentioned, the new role hierarchy model is formulated. It is easier and more comprehensible to describe role-role relationships through the new model than through the traditional ones. The new model is closer to the real world and its mechanism is more powerful. Particularly it is more suitable when used in large-scale role hierarchies.

Multi-granularity spatial-temporal access control model for web GIS

The multi-granularity spatial-temporal-related access control（MSTAC） model was proposed to meet the spatial access control requirements for the service-oriented spatial data infrastructure（SDI）. MSTAC extends the attribute constraints of role-based access control（RBAC）, which includes the user＇s location attribute, the role＇s time constraint, the layer vector constraint of a map class, the scale and time constraints of a geographic layer, the topological constraints of geographic features, the semantic attribute expression constraints of geographic features, and the field constraint of feature views. Through this model, authorized users would be limited to access different granularity spatial datasets, such as the map granularity, the graphic layer granularity, the feature object granularity and the feature view granularity. Finally, the MSTAC model is achieved in a web GIS, which shows the positive and negative authorizations to different services in different data granularities and time periods.

IEEE 802.11e Medium Access Control层QoS机制的改进研究

针对IEEE802.11e Medium Access Control层的QoS机制高负载时存在远端节点冲突和低优先级业务资源被耗尽的问题,提出在牺牲较小带宽的基础上增加一条忙音信道,取代CTS帧在数据信道上的广播,减少远端节点的冲突.仿真结果表明,该方案具有较小的冲突概率,有效地减少了远端节点冲突.同时提出一个解决公平性问题的新思路:在避退时间发送忙音抢占信道,以期提高低优先级业务的接入概率.

Multi-level access control model for tree-like hierarchical organizations

An access control model is proposed based on the famous Bell-LaPadula （BLP） model.In the proposed model,hierarchical relationships among departments are built,a new concept named post is proposed,and assigning security tags to subjects and objects is greatly simplified.The interoperation among different departments is implemented through assigning multiple security tags to one post, and the more departments are closed on the organization tree,the more secret objects can be exchanged by the staff of the departments.The access control matrices of the department,post and staff are defined.By using the three access control matrices,a multi granularity and flexible discretionary access control policy is implemented.The outstanding merit of the BLP model is inherited,and the new model can guarantee that all the information flow is under control.Finally,our study shows that compared to the BLP model,the proposed model is more flexible.

Virus spreading in wireless sensor networks with a medium access control mechanism

In this paper, an extended version of standard susceptible-infected （SI） model is proposed to consider the influence of a medium access control mechanism on virus spreading in wireless sensor networks. Theoretical analysis shows that the medium access control mechanism obviously reduces the density of infected nodes in the networks, which has been ignored in previous studies. It is also found that by increasing the network node density or node communication radius greatly increases the number of infected nodes. The theoretical results are confirmed by numerical simulations.

Authentication and Access Control in RFID Based Logistics-customs Clearance Service Platform

The content security requirements of a radio frequency identification （RFID） based logistics-customs clearance service platform （LCCSP） are analysed in this paper. Then, both the unified identity authentication and the access control modules are designed according to those analyses. Finally, the unified identity authentication and the access control on the business level are implemented separately. In the unified identity authentication module, based on an improved Kerberos-based authentication approach, a new control transfer method is proposed to solve the sharing problem of tickets among different servers of different departments. In the access control module, the functions of access controls are divided into different granularities to make the access control management more flexible. Moreover, the access control module has significant reference value for user management in similar systems.

Design and Implementation of File Access and Control System Based on Dynamic Web

A dynamic Web application, which can help the departments of enterprise to collaborate with each other conveniently, is proposed. Several popular design solutions are introduced at first. Then, dynamic Web system is chosen for developing the file access and control system. Finally, the paper gives the detailed process of the design and implementation of the system, which includes some key problems such as solutions of document management and system security. Additionally, the limitations of the system as well as the suggestions of further improvement are also explained.

Service Security Architecture and Access Control Model for Cloud Computing

Security is a key problem for the development of Cloud Computing. A common service security architecture is a basic abstract to support security research work. The authorization ability in the service security faces more complex and variable users and environment. Based on the multidimensional views, the service security architecture is described on three dimensions of service security requirement integrating security attributes and service layers. An attribute-based dynamic access control model is presented to detail the relationships among subjects, objects, roles, attributes, context and extra factors further. The model uses dynamic control policies to support the multiple roles and flexible authority. At last, access control and policies execution mechanism were studied as the implementation suggestion.