Access Rules Research Articles

An on-the-fly framework for usable access control policy mining

Access control policy mining, which extracts or infers access control policies from existing system logs or configurations within a given environment, is widely applied in policy migration. No policy mining algorithm can produce completely accurate policies, necessitating human intervention to correct errors before implementation. However, humans may fail to revise the produced policies without fully understanding all permission details. In this paper, we propose an on-the-fly framework to assist human revisions by mining usable policies. This framework is formulated as an approximate optimization problem, designed to avoid permission errors and redundancy by balancing submodularity and modular costs through an iterative search for access rules. The search space is guided by two pruning techniques: a tight optimistic estimate to only eliminate unpromising candidates and a queue cutter to sample promising candidates in advance. Experimental evaluations on two real-world and three publicly available synthetic datasets indicate that: 1) our method produces more concise results than existing methods, achieving a 93.2% reduction in redundancy; 2) our method is at least five times faster than state-of-the-art approaches. To further validate the usability of the policies obtained by our approach, we conducted a user study involving 30 participants and 7 large language models (LLMs). The results show that 90.9% of participants, including LLMs such as gpt-4o-mini, successfully modified our mined policies to meet given permission goals.

Construction of Access Rules for Data Transaction Subjects

At present, data exchanges have been set up in various provinces and cities in China, but China has not yet established uniform rules for data transactions. As an important threshold to ensure the security of data transactions, it is of great significance to construct access rules for data transaction subject. By building access rules for data transaction subjects, data transaction rules will be gradually improved, which is also a positive response to China’s policy requirements. Adhering to the principle of ensuring data security and promoting the release of data value, this paper analyzes the existing rules of data exchanges and explores the construction ideas of access rules for data transaction subjects. Data transaction subjects can be divided into data providers and data demanders. In addition to examining the basic situation of the subject of the transaction, a more detailed examination is needed. For data providers, it is necessary to review whether they have any recent data-related violations and whether they have a sound data compliance management system. For data demanders, it is also necessary to review their data-related breaches, cybersecurity protection capabilities, and data security protection capabilities.

From Algorithms to Market Dynamics: A Literature Review on High-Frequency Trading

Abstract: High-frequency trading (HFT) uses advanced technologies and sophisticated algorithms to make transactions at unprecedented speeds, which could significantly impact modern financial markets. This literature review examines the technological foundations, primary trading strategies, market impacts, regulatory environment, risk management practices, and future research directions in HFT. The findings reveal that HFT could increase market liquidity and price discovery but also increase volatility during periods of high market stress. Regulatory frameworks such as the SECs Market Access Rule and MiFID II aim to monitor and control HFT activities, at the same time effective risk management practices are crucial for maintaining market stability. Future research should focus on emerging technologies such as AI, ML, quantum computing, and blockchain, along with a better understanding of market structure and global regulatory coordination. This review provides valuable insights for market participants, regulators and researchers, contributing to a balanced perspective on HFTs role in contemporary financial markets.

Defense in Depth Strategies for Zero Trust Security Models

The groundbreaking Zero Trust Security Model challenges perimeter-based protections in cybersecurity. As cyber threats become more sophisticated, corporations are embracing the Zero Trust philosophy of "never trust, always verify." Whether from within or outside the network, this paradigm imposes rigorous access rules and continual authentication. Zero Trust is a strong security foundation, yet it has drawbacks. The Zero Trust paradigm is enhanced by Defense in Depth, which layers several security methods to safeguard assets. This article examines how the Zero Trust Security Model might include Defense in Depth methods for a complete, robust, and adaptable security architecture. Zero Trust requires all users and devices to be verified, approved, and continually vetted before accessing resources, eliminating implicit trust. A typical method employed by attackers after breaching the perimeter is lateral movement inside the network, which this approach mitigates well. However, Defense in Depth—deploying numerous, redundant security measures throughout the IT environment—is a proven method. Defence in Depth and Zero Trust may be combined to strengthen access restrictions, detection, response, and recovery.

Despotic dominion and union organizing: Law, property, and the historical geography of class struggle in California agribusiness

This paper examines the role of law, particularly law related to private property, in the historical geography of class struggle. At the center of the analysis is the ‘access rule’, written by the California Agricultural Labor Relations Board in 1975 and struck down by the United States Supreme Court in 2021. Responding to the specific geography of California agribusiness labor relations and the long history of violent repression of workers' organizing rights, the rule allowed union organizers onto growers' property under highly constrained conditions to speak with workers about the merits of unionization. The paper traces the ‘pre-history’ of the rule – the decades of law officers and growers' efforts to deny organizers access to California's rural working class – the working of the rule during its more than forty-five years of existence, and its demise at the hands of the current, conservative supreme court. In doing so, it shows how law not only shapes class composition in particular landscapes but is an essential tool, strategically deployed, by all sides in class struggles.

Regulations from the Sanctuary of Amphiaraus in Oropos

The white marble stele, found during the excavations initiated by V. Leonardos in the Oropian Amphiareion and first published in 1885, contains a series of rules regulating the presence of the priest in the iatric sanctuary, endowing him with specific legal powers, defining the powers of the neokoros and establishing the rules of access to the enkoimeterion.

China's Path to the Construction of Personal Bankruptcy System

Personal bankruptcy system is a system that has been absent in China for a long time, the scale of over-consumption groups in China is expanding at this stage, the number of over-indebted people is increasing, and there are a large number of cases that are difficult to be executed or have no property to be broken in the court, which makes the construction of personal bankruptcy system more urgent. In this paper, the author discusses the value background, access rules and legal effects of the personal bankruptcy system, with the intention of constructing a personal bankruptcy system under the path of China.

The decommodifying capacity of tenancy law: comparative analysis of tenants’ and landlords’ rights in Austria, Germany, and Switzerland

Tenants all over the globe face the challenges of increasing rents and even forced evictions, particularly in the private urban rental sector. Affordable housing shortage and displacement have become severe societal problems for the lower- and middle-income segments. Certain legal institutions, including tenancy law, provide a decommodifying capacity for more tenure security and stability. This paper studies this capacity of tenancy law by comparatively examining the tenants’ and landlords’ rights in Austria, Germany, and Switzerland through the lens of decommodification. The focus is (1) on the rules of access to housing for new residents entering the housing market and (2) the rules of exit that govern the ability of the occupants to continue living in their apartments. Findings show that while tenants’ rights in Switzerland are weakly protected by law, tenants in Austria and Germany receive robust protection. Austrian and German tenants cannot be evicted at short notice, nor are landlords allowed to dismiss them unless they declare legitimate self-usage. Also, tenants remain protected from arbitrary rent increases in case of rental upgrading. Conclusions help practitioners to consider tenancy law as an influential way to counteract the market-driven dynamics in housing and to enhance the protective capacity within renting property.

Conflicting Scientific Narratives at the Convention on Biological Diversity and Other Fora: Analysis and Contradiction in the Discussions on Dematerialization of (Plant) Genetic Resources

This article examines the use of scientific arguments in negotiations on the status of Digital Sequence Information (DSI), focusing on the Convention on Biological Diversity (CBD), the International Treaty on Plant Genetic Resources for Food and Agriculture (ITPGRFA), and the Pandemic Influenza Preparedness Framework (PIP). DSI is a placeholder term used in negotiations on the dematerialization of genetic resources: the ability to sequence “physical” genetic resources and use this “intangible” information, which radically changes research practices. The CBD (among other instruments) establishes rules for Access to the Genetic Resource and the Fair and Equitable Sharing of Benefits from their utilization (ABS). This applies to “physical” genetic resources, but it is not clear for DSI. Indeed, different legal interpretations and political narrative are conflicting over the integration of DSI into these legal frameworks. This article explores how science is used in these negotiations, particularly in its rhetorical and epistocratic dimensions. The methodology combines an interdisciplinary approach (legal technique, philosophy of law and science) and a comparative discourse analysis: on the terminology; the inclusion of DSI in the definition of genetic material; and the inclusion of DSI in ABS systems. While scientific arguments play a crucial role in this technical issue, this article shows that scientific arguments can be used to support political positions (under the guise of objectivity and neutrality), and that this use of scientific arguments is not consistent, even contradictory (between PIP and CBD/ITPGRFA).

A learning‐based method for optimal dynamic privileged parking permit policy

AbstractThe privileged permit service can be provided as an alternative to the conventional meter and reserved services in the off‐street parking lots. In view of the unbalanced demand and the simplistic off‐street parking lot management, this paper proposes a novel parking management problem for setting up and withdrawing the temporary permit‐only policy. To optimize the access rule regarding uncertainty demand on the time of day and the utilization of the parking lot, a deep Q‐learning (DQL) method is proposed to address the uncertainty and dimensionality in the framework of deep reinforcement learning (DRL). To replicate real‐world demand pattern for training deep Q network, a short‐term parking demand model is presented by integrating the long‐short term memory neural network and multivariant Gaussian process. A case study is performed on urban parking lots on university campus. The numerical experiments of a rule‐based strategy, a tabular Q‐learning (TQL) method, and the proposed DQL method are conducted to justify the effectiveness of the proposed method. The proposed method outperforms the static (s, S) inventory policy by 65% and TQL with linear Q‐value estimation by 15% in the total revenue. The sensitivity analyses show the DQL method is capable to handle capacity‐reduced, demand‐increased, and special‐event scenarios while the comparable strategy underperforms the proposed method

Distributed Ledger Approach BlockChain- Based Integrated EHR: A Ethereum Smart Contract Method

Blockchain, on the other hand, is a groundbreaking technology that provides a distributed and Decentralized environment in which nodes in a list of networks can connect to each other without the need for a central authority. It has the potential to overcome the limits of Electronic Health Record (EHR) management and create a more secure, Decentralized, and safer environment for exchanging EHR data. Further, blockchain is a distributed ledger on which data can be stored and shared in a cryptographically secure, validated, and mutually agreed-upon manner across all mining nodes. The blockchain stores data with a high level of integrity and robustness, and it cannot be altered. Electronic health records (EHRs) are digitally saved health records that provide information about a person’s health. EHRs are generally shared among healthcare stakeholders, and thus are susceptible to power failures, data misuse, a lack of privacy, security, and an audit trail, among other problems. The aim of our proposed framework is firstly to implement blockchain technology for EHR and secondly to provide secure storage of electronic records by defining granular access rules for the users of the proposed framework. Moreover, this framework also discusses the scalability problem faced by the blockchain technology in general via use of off-chain storage of the records. This framework provides the EHR system with the benefits of having a scalable, secure and integral blockchain-based solution.

The Integration of ICT in ELT of Pre-Service Teacher Professional Education (PPG) Students

Student teachers are expected to take advantage the use of technology for teaching process. This study aims to investigate the ICT tools used by Pre-service English Teachers who are also PPG students to achieve their learning goals in teaching English during their Teaching Practicum (PPL), how they integrate these ICT tools evaluated by TPACK and SAMR framework, and examine the obstacles. This current study was descriptive qualitative research. In this research design, the data was gathered by means of document analysis, semi-structured interview and observation. The participants were five Pre-Service Teacher Professional Education (PPG) Students majoring English Education Batch 2 academic year 2022/2023 in one of university in Yogyakarta, who represented three school levels (SMP, SMA and SMK). The data were in three distinct stages: reduction or condensation, data display, and conclusion drawing or verification. The result shows that (1) variety of ICT tools are used to achieve the learning goals, they are Google Form, Google Docs, WhatsApp, Canva, Blooket, Bamboozle, WordWall, Kahoot, Quizizz, YouTube, and GimKit. These tools are selected based on the learning needs, students’ need, students’ preferences, learning objectives, availability of facility, and possible challenges. (2) The activities that integrating ICT tools majority are in augmented level of SAMR. While the pre-services teachers’ TPACK is effectively help them in integrating ICT tool to enhance the quality of learning, but still need optimization. (3) There are three main obstacles faced by the teachers; which come from the technical problems, teachers’ TPACK, and students’ problem. Technical problems covers the lack of internet access, insufficient devices, and restrictive school rules. Teachers’ challenge on their TPACK includes the selection of suitable tools, the time management in integrating ICT tools, and the struggle to keep up with the rapid development of technology. The students face no significant problems, yet sometimes the negligence of the task arises as they become too attached with the ICT tools.

Design and Implementation of Bluetooth Low Energy Based Access Control System

This paper discusses the design of a Bluetooth Low Energy (BLE) based access control system intended to make access control more practical to implement on areas with high personnel turnover rate by making access rules easy to set and making access keys relatively safe to distribute compared to existing key-based access control systems. The use of BLE technology allows the system to estimate key position within the system by utilizing the curve fitting method for distance estimation and the trilateral method for positioning. The proposed system consists of a server, an admin panel, electronic locks, access keys in the form of a wearable, and access keys in the form of an Android application. The system is found to be capable of implementing access control functionalities and capable of implementing indoor positioning based on sections.

Georgian National Idea in the Tiflis Seminary of the Post-Reform Time: The Optics of the Russian Language and Literature

This article examines the case of seminarian David Kezeli who compiled the anti-Russian proclamation To the New Generation of Georgia, confiscated in December 1873. Although the St Petersburg and Caucasian authorities interpreted the case differently, they were united in their inattention to the situation of the Tiflis Theological Seminary. The internal problems of the theological educational institution, including the problem of the disloyalty of the “native” teachers, were to be solved by the officials of the Synod’s Educational Committee and the Exarch of Georgia. The author aims to show the ambivalence of the anti-Russian views of the Georgian seminarians and analyse the Kezeli case as part of the processes in religious education initiated by the 1867 reform. Special attention is paid to the discussion about the establishment of the Georgian language class, the idea of which either led to a consensus among the teachers or to a confrontation described in the Synod documents as a struggle between the Russian and Georgian “parties”. The origins and limitations of anti-Russian sentiments among seminarians are considered in relation to conflicts among teachers, the rules of access to educational and extracurricular literature, and the status of the Russian and Georgian languages. The author concludes that in the first years after the reform, young graduates of the theological academies were inspired by the opportunity to change the content of theological education by introducing the achievements of modern science into it. This goal united teachers of Russian and Georgian origin. They worked together both on projects for Georgian language classes and on compiling lists of advanced literature to be purchased for the student library. Georgian teachers, such as Jacob Gogebashvili, were prepared to become conduits of “human Russification”, arguing that only the Russian language allowed their students to access modern science. The transformation of interaction into conflict, which took on the form of a confrontation between the Russian and Georgian “parties” in the seminary, was explained on both sides by its participants’ personal ambitions. They were fighting for power and money, not for the promotion of the Georgian national idea or the defence of Russian interests in the region. David Kezeli was wholly a product of this situation. After completing his studies at the theological school and moving to the seminary, he felt hostility towards his teachers, seeing in them “Famusovs” who were trying to educate him as a “Molchalin”, while he was constructing himself as a “Bazarov”, the only “nihilist” in Georgia. The anachronism of Kezeli’s “nihilistic” identity emphasises his attachment to the generation of “fathers” who determined the literature available to him and provided him with a tool to master it, i. e. the Russian language.

Access Rules: Freeing Data from Big Tech for a Better Future

Access Rules: Freeing Data from Big Tech for a Better Future

Tragedy of the Commons in a Mediterranean MPA: The Case of Gyaros Island Marine Reserve

Gyaros Island (Aegean Sea) is a recently (2019) established MPA in the Mediterranean Sea, allowing spatiotemporal small-scale fishing (SSF) activities with specific access rules. However, due to the inability of the state authorities to establish any fishing permit process, Gyaros MPA initially functioned as a No-Take Zone (NTZ), offering a rare opportunity for scientific monitoring. Significant political pressure by fisher organizations led to the opening of the MPA in June 2022 without any fishing permit restriction. The unprecedented ‘race for fish’ that followed led to a significant deterioration of the MPA status, as confirmed by scientific monitoring before and after the opening. Outcry from national media, based on concerns raised by the scientific community and NGOs, resulted in lifting access to fishing in September 2022, upgrading Gyaros MPA to a full NTZ. This study aimed to assess if and how the MPA functioning was impacted based on a series of experimental fishing trials and questionnaire surveys conducted with local fishers. Although a substantial part of the fishing community’s mindset is embracing MPAs, our results also suggest that the self-interests of a fishers’ minority, along with non-science-based policy by the national authorities, have led to overfishing and deterioration of MPA status.

Protecting mass-gathering events in a pandemic with testing tracks and transparent information: an experimental study with festival guests

Objective. To enable future open-air festivals during a pandemic, model festivals tested restricted access and behavioural rules to prevent SARS-CoV-2 transmissions. However, the uptake of health-protective measures depends on informed acceptance, meaning people are more likely to follow measures if they understand their effectiveness and related disease risks. Design and main outcome measures. With a series of online surveys, we studied risk perceptions of 6,500 festival guests and the association of perceived effectiveness of protective behaviours with reported compliance. In a scenario-based online experiment (N = 1,958) among festival guests, we tested the effect of informing transparently about the risk-reducing potential of protective measures at festivals on the intention to attend hypothetical events. Results. We found that guests tended to overestimate infection risks while still perceiving them as low. Self-reported mask wearing and distancing at and around the festivals could not be associated with the understanding of the measures’ effectiveness. However, in addition to protective measures themselves, providing transparent information about their absolute risk-reducing effect increased intentions to attend festivals that employ varying protective measures. Conclusion. Our findings suggest that the acceptance of protected festivals can be influenced by transparent information about the effectiveness of protective measures. This calls for further research on evidence-based public health communications to improve their impact.

ABAC Policy Mining through Affiliation Networks and Biclique Analysis

Policy mining is an automated procedure for generating access rules by means of mining patterns from single permissions, which are typically registered in access logs. Attribute-based access control (ABAC) is a model which allows security administrators to create a set of rules, known as the access control policy, to restrict access in information systems by means of logical expressions defined through the attribute–values of three types of entities: users, resources, and environmental conditions. The application of policy mining in large-scale systems oriented towards ABAC is a must because it is not workable to create rules by hand when the system requires the management of thousands of users and resources. In the literature on ABAC policy mining, current solutions follow a frequency-based strategy to extract rules; the problem with that approach is that selecting a high-frequency support leaves many resources without rules (especially those with few requesters), and a low support leads to the rule explosion of unreliable rules. Another challenge is the difficulty of collecting a set of test examples for correctness evaluation, since the classes of user–resource pairs available in logs are imbalanced. Moreover, alternative evaluation criteria for correctness, such as peculiarity and diversity, have not been explored for ABAC policy mining. To address these challenges, we propose the modeling of access logs as affiliation networks for applying network and biclique analysis techniques (1) to extract ABAC rules supported by graph patterns without a frequency threshold, (2) to generate synthetic examples for correctness evaluation, and (3) to create alternative evaluation measures to correctness. We discovered that the rules extracted through our strategy can cover more resources than the frequency-based strategy and perform this without rule explosion; moreover, our synthetics are useful for increasing the certainty level of correctness results. Finally, our alternative measures offer a wider evaluation profile for policy mining.

Prisoners of the archives: privacy, identity and the history of incarceration

ABSTRACT The archival record of incarceration in the United States presents a substantial challenge for historical research. This becomes particularly acute in those instances where historians seek to use individual patient or prisoner records. Some of these records have been deposited in state archives, but many have not, and the use of specific inmate case files can involve restrictive rules of access. In every instance, complex interplays of power, access and privacy pose challenges for historians who wish to foreground the voices and experiences of the incarcerated, and to better understand the practices and impacts of state power. This paper uses a series of episodes from the author’s own work to highlight these issues.

Defense in Depth Strategies for Zero Trust Security Models

The groundbreaking Zero Trust Security Model challenges perimeter-based protections in cybersecurity. As cyber threats become more sophisticated, corporations are embracing the Zero Trust philosophy of "never trust, always verify." Whether from within or outside the network, this paradigm imposes rigorous access rules and continual authentication. Zero Trust is a strong security foundation, yet it has drawbacks. The Zero Trust paradigm is enhanced by Defense in Depth, which layers several security methods to safeguard assets. This article examines how the Zero Trust Security Model might include Defense in Depth methods for a complete, robust, and adaptable security architecture. Zero Trust requires all users and devices to be verified, approved, and continually vetted before accessing resources, eliminating implicit trust. A typical method employed by attackers after breaching the perimeter is lateral movement inside the network, which this approach mitigates well. However, Defense in Depth—deploying numerous, redundant security measures throughout the IT environment—is a proven method. Defence in Depth and Zero Trust may be combined to strengthen access restrictions, detection, response, and recovery. Incorporating Defense in Depth tactics into a Zero Trust architecture creates many hurdles that an attacker must overcome to succeed. These obstacles include physical security, network segmentation, encryption, endpoint security, and enhanced threat detection. An organisation may considerably lower the chance of a breach and its harm by installing these layers. Multiple levels offer redundancy, so if one security measure is hacked, others remain to reduce the danger.