Automatic Generation of Attribute-Based Access Control Policies from Natural Language Documents

In response to the challenges of generating Attribute-Based Access Control(ABAC)policies,this paper proposes a deep learning-based method to automatically generate ABAC policies from natural language documents.This method is aimed at organizations such as companies and schools that are transitioning from traditional access control models to the ABAC model.The manual retrieval and analysis involved in this transition are inefficient,prone to errors,and costly.Most organizations have high-level specifications defined for security policies that include a set of access control policies,which often exist in the form of natural language documents.Utilizing this rich source of information,our method effectively identifies and extracts the necessary attributes and rules for access control from natural language documents,thereby constructing and optimizing access control policies.This work transforms the problem of policy automation generation into two tasks:extraction of access control statements andmining of access control attributes.First,the Chat General Language Model(ChatGLM)isemployed to extract access control-related statements from a wide range of natural language documents by constructing unique prompts and leveraging the model’s In-Context Learning to contextualize the statements.Then,the Iterated Dilated-Convolutions-Conditional Random Field(ID-CNN-CRF)model is used to annotate access control attributes within these extracted statements,including subject attributes,object attributes,and action attributes,thus reassembling new access control policies.Experimental results show that our method,compared to baseline methods,achieved the highest F1 score of 0.961,confirming the model’s effectiveness and accuracy.

Attribute-based access control policy specification language

This paper first introduces attribute expression to describe attribute-based access control policy.Secondly,an access control policy enforcement language named A-XACML （attribute-XACML）is proposed,which is an extension of XACML.A-XACML is used as a simple,flexible way to express and enforce access control policies,especially attribute-based access control policy,in a variety of environments.The language and schema support include data types,functions,and combining logic which allow simple and complex policies to be defined.Finally,a system architecture and application case of user-role assignment is given to show how attribute expressions and A-XACML work in access control policy description and enforcement.The case shows that attribute expression and A-XACML can describe and enforce the complex access control policy in a simple and flexible way.

Access Control Policy Analysis and Access Denial Method for Cloud Services

Personal cloud computing is an emerging trend in the computer industry. For a sustainable service, cloud computing services must control user access. The essential business characteristics of cloud computing are payment status and service level agreement. This work proposes a novel access control method for personal cloud service business. The proposed method sets metadata, policy analysis rules, and access denying rules. Metadata define the structure of access control policies and user requirements for cloud services. The policy analysis rules are used to compare conflicts and redundancies between access control policies. The access denying rules apply policies for inhibiting inappropriate access. The ontology is a theoretical foundation of this method. In this work, ontologies for payment status, access permission, service level, and the cloud provide semantic information needed to execute rules. A scenario of personal data backup cloud service is also provided in this work. This work potentially provides cloud service providers with a convenient method of controlling user access according to changeable business and marketing strategies.

τ-Access Policy:Attribute-Based Encryption Scheme for Social Network Based Data Trading

The rapid development of social technology has replaced physical interaction in the trading market.The implication of this technology is to provide access to the right information at the right time.The drawback of these technologies is that the eavesdropper can remove the user from the network and can create proxy participants.In this paper,we discuss how a social network overcome and prevent these data trading issues.To maintain the security of data trading,we applied ABE technique based on DBDH to secure data trading network.Our proposedτ-access policy scheme provides the best solution for the betterment of data trading network in terms of security.Inτ-access policy scheme,the users can encrypt and decrypt Private Transactions Information(PTI)using our proposedτ-access policy.The security properties ofτ-access policy are data confidentiality,data integrity,authenticity,non-repudiation,and unforgeability.The efficiency of our scheme is 77.73%,which is more suitable for data trading markets and trading strategies.

Research on Multicloud Access Control Policy Integration Framework

Multicloud access control is important for resource sharing and security interoperability across different clouds,and heterogeneity of access control policy is an important challenge for cloud mashups.XACML is widely used in distributed environment as a declaratively fine-grained,attribute-based access control policy language,but the policy integration of XACML lacks formal description and theory foundation.Multicloud Access Control Policy Integration Framework(MACPIF)is proposed in the paper,which consists of Attribute-based Policy Evaluation Model(ABPEM),Four-value Logic with Completeness(FLC)and Four-value Logic based Policy Integration Operators(FLPIOs).ABPEM evaluates access control policy and extends XACML decision to four-value.According to policy decision set and policy integration characteristics,we construct FLC and define FLPIOs including Intersection,Union,Difference,Implication and Equivalence.We prove that MACPIF can achieve policy monotonicity,functional completeness,canonical suitability and canonical completeness.Analysis results show that this framework can meet the requirements of policy integration in Multicloud.

Visualization Framework for Inter-Domain Access Control Policy Integration

The rapid increase in resource sharing across domains in the cloud comput- ing environment makes the task of managing inter-domain access control policy integration difficult for the security administrators. Al- though a number of policy integration and sec- urity analysis mechanisms have been devel- oped, few focus on enabling the average ad- ministrator by providing an intuitive cognitive sense about the integrated policies, which considerably undermines the usability factor. In this paper we propose a visualization flame- work for inter-domain access control policy integration, which integrates Role Based Ac- cess Control （RBAC） policies on the basis of role-mapping and then visualizes the inte- grated result. The role mapping algorithm in the framework considers the hybrid role hier- archy. It can not only satisfy the security con- straints of non-cyclic inheritance and separa- tion of duty but also make visualization easier. The framework uses role-permission trees and semantic substrates to visualize the integrated policies. Through the interactive policy query visualization, the average administrator can gain an intuitive understanding of the policy integration result.

Detecting conflict of heterogeneous access control policies

Policy conflicts may cause substantial economic losses.Although a large amount of effort has been spent on detecting intra-domain policy conflict,it can not detect conflicts of heterogeneous policies.In this paper,considering background knowledge,we propose a conflict detection mechanism to search and locate conflicts of heterogeneous policies.First,we propose a general access control model to describe authorization mechanisms of cloud service and a translation scheme designed to translate a cloud service policy to an Extensible Access Control Markup Language(XACML)policy.Then the scheme based on Multi-terminal Multi-data-type Interval Decision Diagram(MTMIDD)and Extended MTMIDD(X-MTMIDD)is designed to represent XACML policy and search the conflict among heterogeneous policies.To reduce the rate of false positives,the description logic is used to represent XACML policy and eliminate false conflicts.Experimental results show the efficiency of our scheme.

Secured Access Policy in Ciphertext-Policy Attribute-Based Encryption for Cloud Environment

The cloud allows clients to store and share data.Depending on the user’s needs,it is imperative to design an effective access control plan to share the information only with approved users.The user loses control of their data when the data is outsourced to the cloud.Therefore,access control mechanisms will become a significant challenging problem.The Ciphertext-Policy Attribute-Based Encryption(CP-ABE)is an essential solution in which the user can control data access.CP-ABE encrypts the data under a limited access policy after the user sets some access policies.The user can decrypt the data if they satisfy the limited access policy.Although CP-ABE is an effective access control program,the privacy of the policy might be compromised by the attackers.Namely,the attackers can gather important information from plain text policy.To address this issue,the SHA-512 algorithm is presented to create a hash code for the user’s attributes in this paper.Depending on the created hash codes,an access policy will be formed.It leads to protecting the access policy against attacks.The effectiveness of the proposed scheme is assessed based on decryption time,private key generation time,ciphertext generation time,and data verification time.

Development of Web Accessibility: Policies, Theories and Apporoaches

The article is intended to introduce the readers to the concept and background of Web accessibility in the United States. I will first discuss different definitions of Web accessibility. The beneficiaries of accessible Web or the sufferers from inaccessible Web will be discussed based on the type of disability. The importance of Web accessibility will be introduced from the perspectives of ethical, demographic, legal, and financial importance. Web accessibility related standards and legislations will be discussed in great detail. Previous research on evaluating Web accessibility will be presented. Lastly, a system for automated Web accessibility transformation will be introduced as an alternative approach for enhancing Web accessibility.

A Blockchain-Based Access Control Scheme for Reputation Value Attributes of the Internet of Things

The Internet of Things(IoT)access controlmechanism may encounter security issues such as single point of failure and data tampering.To address these issues,a blockchain-based IoT reputation value attribute access control scheme is proposed.Firstly,writing the reputation value as an attribute into the access control policy,and then deploying the access control policy in the smart contract of the blockchain system can enable the system to provide more fine-grained access control;Secondly,storing a large amount of resources fromthe Internet of Things in Inter Planetary File System(IPFS)to improve system throughput;Finally,map resource access operations to qualification tokens to improve the performance of the access control system.Complete simulation experiments based on the Hyperledger Fabric platform.Fromthe simulation experimental results,it can be seen that the access control system can achieve more fine-grained and dynamic access control while maintaining high throughput and low time delay,providing sufficient reliability and security for access control of IoT devices.

Implementing Open Access Policy:First case studies

When implementing open access, policy pioneers and flagship institutions alike have faced considerable challenges in meeting their own aims and achieving a recognized success. Legitimate authority, sufficient resources and the right timing are crucial, but the professionals charged with implementing policy still need several years to accomplish significant progress. This study defines a methodological standard for evaluating the first generation of open access policies. Evaluating implementation establishes evidence, enables reflection, and may foster the emergence of a second generation of open access policies.While the study is based on a small number of cases, these case studies cover most of the pioneer institutions, present the most significant issues and offer an international overview.Each case is reconstructed individually on the basis of public documents and background information, and supported by interviews with professionals responsible for open access implementation. This article presents the highlights from each case study. The results are utilized to indicate how a second generation of policies might define open access as a key component of digital research infrastructures that provide inputs and outputs for research,teaching and learning in real time.

SRv6 Policy业务可靠性方案探讨

介绍了SRv6 Policy、SBFD技术及5G承载网络SRv6 Policy业务可靠性方案。针对SBFD误触发问题,提出了在被动端生成BSID、部署引流策略及设置不同检测周期等3种完善措施,这些措施不仅提高了业务的可靠性,还显著提升了网络服务能力.

Mapping and measuring urban-rural inequalities in accessibility to social infrastructures

Equal access to social infrastructures is a fundamental prerequisite for sustainable development,but has long been a great challenge worldwide.Previous studies have primarily focused on the accessibility to social infras-tructures in urban areas across various scales,with less attention to rural areas,where inequality can be more severe.Particularly,few have investigated the disparities of accessibility to social infrastructures between urban and rural areas.Here,using the Changsha-Zhuzhou-Xiangtan urban agglomeration,China,as an example,we investigated the inequality of accessibility in both urban and rural areas,and further compared the urban-rural difference.Accessibility was measured by travel time of residents to infrastructures.We selected four types of social infrastructures including supermarkets,bus stops,primary schools,and health care,which were funda-mentally important to both urban and rural residents.We found large disparities in accessibility between urban and rural areas,ranging from 20 min to 2 h.Rural residents had to spend one to two more hours to bus stops than urban residents,and 20 min more to the other three types of infrastructures.Furthermore,accessibility to multiple infrastructures showed greater urban-rural differences.Rural residents in more than half of the towns had no access to any infrastructure within 15 min,while more than 60%of the urban residents could access to all infrastructures within 15 min.Our results revealed quantitative accessibility gap between urban and rural areas and underscored the necessity of social infrastructures planning to address such disparities.

The impact of Internet access on household dietary quality:Evidence from rural China

Over the past few decades,the Internet has rapidly diffused across China.The spread of the Internet has had a profound economic and social impact on Chinese rural areas.Existing research shows that Internet access significantly impacts agricultural production and improves smallholder farmers’income.Beyond these,the Internet can affect other dimensions of social welfare.However,research about the impact of Internet access on dietary quality in rural China remains scarce.This study utilizes multi-period panel data from Fixed Observation Point in rural China from 2009 to 2015 to estimate the impact of Internet access on dietary quality and food consumption of rural households and conducts a causal analysis.Regression models with time and household fixed effects allow robust estimation while reducing potential issues of unobserved heterogeneity.The estimates show that Internet access has significantly increased rural household dietary quality(measured by the Chinese Diet Balance Index).Further research finds that Internet access has increased the consumption of animal products,such as aquatic and dairy products.We also examine the underlying mechanisms.Internet access improves dietary quality and food consumption mainly through increasing household income and food expenditure.These results encourage the promotion of Internet access as a valuable tool for nutritional improvements,especially in rural areas.

Detection of Turbulence Anomalies Using a Symbolic Classifier Algorithm in Airborne Quick Access Record(QAR)Data Analysis

As the risks associated with air turbulence are intensified by climate change and the growth of the aviation industry,it has become imperative to monitor and mitigate these threats to ensure civil aviation safety.The eddy dissipation rate(EDR)has been established as the standard metric for quantifying turbulence in civil aviation.This study aims to explore a universally applicable symbolic classification approach based on genetic programming to detect turbulence anomalies using quick access recorder(QAR)data.The detection of atmospheric turbulence is approached as an anomaly detection problem.Comparative evaluations demonstrate that this approach performs on par with direct EDR calculation methods in identifying turbulence events.Moreover,comparisons with alternative machine learning techniques indicate that the proposed technique is the optimal methodology currently available.In summary,the use of symbolic classification via genetic programming enables accurate turbulence detection from QAR data,comparable to that with established EDR approaches and surpassing that achieved with machine learning algorithms.This finding highlights the potential of integrating symbolic classifiers into turbulence monitoring systems to enhance civil aviation safety amidst rising environmental and operational hazards.

QoS Provisioning Energy Saving Dynamic Access Policy for Overlay Cognitive Radio Networks with Hidden Markov Channels

Dynamic spectrum access policy is crucial in improving the performance of over- lay cognitive radio networks. Most of the previ- ous works on spectrum sensing and dynamic spe- ctrum access consider the sensing effective- ness and spectrum utilization as the design cri- teria, while ignoring the energy related issues and QoS constraints. In this article, we propose a QoS provisioning energy saving dynamic acc- ess policy using stochastic control theory con- sidering the time-varying characteristics of wir- eless channels because of fading and mobility. The proposed scheme determines the sensing action and selects the optimal spectrum using the corresponding power setting in each decis- ion epoch according to the channel state with the objective being to minimise both the flame error rate and energy consumption. We use the Hidden Markov Model （HMM） to model a wir- eless channel, since the channel state is not dir- ectly observable at the receiver, but is instead embedded in the received signal. The proced- ure of dynamic spectrum access is formulated as a Markov decision process which can be sol- ved using linear programming and the primal- dual index heuristic algorithm, and the obta- ined policy has an index-ability property that can be easily implemented in real systems. Sim- ulation results are presented to show the per- formance improvement caused by the propo- sed approach.

A Study on the Multiple Differential Structure of Development in China^s Ethnic Areasand Exploiting the Differentiation and Collaborative Policy—On the New Form of China’s Ethnic Relations and the New System of Ethnic Policies

A fter 60 years of im plem entation, the ethnic regional autonomous policy has provided basic p o litica l support for promoting the common development and prosperity of a ll ethnic groups.

A View of Beijing’s Traffic Policy:Evaluation on the Policies Released in 2010 to Ease Traffic Congestion

In today’s society where the economy is developing rapidly and the process of urbanization is accelerating,the traffic in major cities in China is facing tremendous pressure.The economy of Beijing has developed rapidly,its population is dense,the living standard of people has improved significantly,and the number of cars has increased dramatically.From the end of 2005 to the end of November 2010,motor vehicles in Beijing increased from about 2.58 million to about 4.69 million.The problem of traffic congestion has become more prominent,affecting the daily lives of the residents.

Access Control Policy Based on Friend Circle

Nowadays,the scale of the user’s personal social network(personal network,a network of the user and their friends,where the user we call“center user”)is becoming larger and more complex.It is difficult to find a suitable way to manage them automatically.In order to solve this problem,we propose an access control model for social network to protect the privacy of the central users,which achieves the access control accurately and automatically.Based on the hybrid friend circle detection algorithm,we consider the aspects of direct judgment,indirect trust judgment and malicious users,a set of multi-angle control method which could be adapted to the social network environment is proposed.Finally,we propose the solution to the possible conflict of rights in the right control,and assign the rights reasonably in the case of guaranteeing the privacy of the users.

Adaptable and Dynamic Access Control Decision-Enforcement Approach Based on Multilayer Hybrid Deep Learning Techniques in BYOD Environment

Organizations are adopting the Bring Your Own Device(BYOD)concept to enhance productivity and reduce expenses.However,this trend introduces security challenges,such as unauthorized access.Traditional access control systems,such as Attribute-Based Access Control(ABAC)and Role-Based Access Control(RBAC),are limited in their ability to enforce access decisions due to the variability and dynamism of attributes related to users and resources.This paper proposes a method for enforcing access decisions that is adaptable and dynamic,based on multilayer hybrid deep learning techniques,particularly the Tabular Deep Neural Network Tabular DNN method.This technique transforms all input attributes in an access request into a binary classification(allow or deny)using multiple layers,ensuring accurate and efficient access decision-making.The proposed solution was evaluated using the Kaggle Amazon access control policy dataset and demonstrated its effectiveness by achieving a 94%accuracy rate.Additionally,the proposed solution enhances the implementation of access decisions based on a variety of resource and user attributes while ensuring privacy through indirect communication with the Policy Administration Point(PAP).This solution significantly improves the flexibility of access control systems,making themmore dynamic and adaptable to the evolving needs ofmodern organizations.Furthermore,it offers a scalable approach to manage the complexities associated with the BYOD environment,providing a robust framework for secure and efficient access management.