A Scratch-based Graphical Policy Editor for XACML

Henrik Nergaard, Nils Ulltveit-Moe, Terje Gjøsæter

2015

Abstract

This paper proposes a policy-maker-friendly editor for the eXtensible Access Control Markup Language (XACML) based on the programming language Scratch. Scratch is a blocks-based programming language designed for teaching children programming, which allows users to build programs like a puzzle. We take this concept one step further with an XACML policy editor based on the graphic programming elements of Scratch, implemented in Smalltalk. This helps the user build policies by grouping blocks and operators that fit together and by indicating which blocks will stick together. It simplifies building XACML policies while the graphic policies still retain an XACML "feel".



Paper Citation


in Harvard Style

Nergaard H., Ulltveit-Moe N. and Gjøsæter T. (2015). A Scratch-based Graphical Policy Editor for XACML. In Proceedings of the 1st International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-081-9, pages 182-190. DOI: 10.5220/0005240101820190


in Bibtex Style

@conference{icissp15,
author={Henrik Nergaard and Nils Ulltveit-Moe and Terje Gjøsæter},
title={A Scratch-based Graphical Policy Editor for XACML},
booktitle={Proceedings of the 1st International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2015},
pages={182-190},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005240101820190},
isbn={978-989-758-081-9},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 1st International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - A Scratch-based Graphical Policy Editor for XACML
SN - 978-989-758-081-9
AU - Nergaard H.
AU - Ulltveit-Moe N.
AU - Gjøsæter T.
PY - 2015
SP - 182
EP - 190
DO - 10.5220/0005240101820190