
ViSPE: A Graphical Policy Editor for XACML

  • Conference paper
Information Systems Security and Privacy (ICISSP 2015)

Abstract

In this paper we present the Visual Security Policy Editor (ViSPE), a policy-maker-friendly graphical editor for the eXtensible Access Control Markup Language (XACML). The editor is based on the programming language Scratch and implemented in Smalltalk. It uses a graphical block-based syntax for declaring access control policies that simplifies many of the cumbersome and verbose parts of XACML. Using a graphical language allows the editor to aid the policy-maker in building policies by providing visual feedback, by grouping blocks and operators that fit together, and by indicating which blocks stick together. It simplifies building policies while still maintaining the basic structure and logic of XACML.


Notes

  1. The policy example was inspired by http://www.oasis-open.org/committees/download.php/2713/Brief_Introduction_to_XACML.html.

  2. UMU-XACML-Editor: http://umu-xacmleditor.sourceforge.net.

  3. WSO2 Identity Server: https://docs.wso2.com/display/IS450/Creating+an+XACML+Policy.

  4. Axiomatics Language for Authorization (ALFA): http://www.axiomatics.com/axiomatics-alfa-plugin-for-eclipse.html.

  5. Graphical Modelling Framework: http://www.eclipse.org/modeling/gmp/.

  6. Phratch: http://www.phratch.com/.

  7. Pharo: http://pharo.org.

Acknowledgements

This project was sponsored as a summer internship at the University of Agder. The project has also been sponsored by the FP7 EU projects:

PRECYSE - Protection, prevention and reaction to cyberattacks to critical infrastructures, contract number FP7-SEC-2012-1-285181 (http://www.precyse.eu);

SEMIAH - Scalable Energy Management Infrastructure for Aggregation of Households, contract number ICT-2013.6.1-619560 (http://semiah.eu).

Corresponding author

Correspondence to Henrik Nergaard.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Nergaard, H., Ulltveit-Moe, N., Gjøsæter, T. (2015). ViSPE: A Graphical Policy Editor for XACML. In: Camp, O., Weippl, E., Bidan, C., Aïmeur, E. (eds) Information Systems Security and Privacy. ICISSP 2015. Communications in Computer and Information Science, vol 576. Springer, Cham. https://doi.org/10.1007/978-3-319-27668-7_7

  • DOI: https://doi.org/10.1007/978-3-319-27668-7_7

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-27667-0

  • Online ISBN: 978-3-319-27668-7

  • eBook Packages: Computer Science (R0)
