Access Road 0.7.1
Introduction to Access Road


The simulations | The graphical user interface

The tutorials | The limitations | The design | The reliability



The Access Road software is a universal simulator of access controls, to improve the design and the audit of IT security.

We introduce the version 0.7 in a coherent view, rather than enumerate the elementary changes from the previous 0.6 version. The improvements of 0.7 are mainly for the Access Road data model and the search of access paths, to extend the simulation capacities. Due to the genericity of the previous version, the software architecture and the GUI remains almost the same.

The simulations

Access Road 0.7 provides the simulation of two great software and one theoretical application for learning purpose:

  • as an example of operating system, the Linux Ubuntu® 8.04 access controls are simulated with the file system and the authorization system; this covers, in an ACS addon (new in 0.7), the User-Group-Other Linux rights including the inherited rights from the parents, some Linux kernel capabilities, and the Ubuntu authorizations on system resources,

  • as an example of DBMS, the MySQL Server® 5 access controls are simulated (new in 0.7); this covers the structure of components, the MySQL privileges, the priority rules among the privileges and the privileges inheritance,

  • at the application level, a typical large application which follows the Role-Based Access Control model; this covers the tree of functional roles, the application transactions, and the ACLs with granting and denying rights.

By design, Access Road models varied types of objects and access controls. It may be customized to simulate many real systems with their structural properties, their behaviors, their standard and non-standard components and their rights.

Most of the object modelings from the previous version have been improved. The AclEntry may have a simple condition group. The ACS type policy is extended. Access Road 0.7 provides complementary objects as following:

  • the typed and the linked privileges (new in 0.7),

  • the information system (new in 0.7),

  • the virtual folders (new in 0.7),

  • the aliasing relation (new in 0.7),

  • the inheritance of AclEntry and Privilege (new in 0.7),

  • the ACS parent roots (new in 0.7),

  • the external AclEntries and linked privileges (new in 0.7.1).

To specify the structure and the behavior of a software in a new ACS, two ways are proposed to the Access Road user without coding: (1) through a smooth derivation from one current simulation, (2) by entering all the structural properties by hand. The ACS components have always to be defined by hand, except for some default components an ACS may create.

Access Road 0.7 is able to simulate, right now, a certain variety of application software. The RBAC model is a good representative of the application needs. For the other types of software (system software, network software...), the access control functions and the structure are often more complex. Every software has to be studied thoroughly to evaluate the Access Road ability to simulate it. The source of the data is never the algorithms or the code of the software to simulate, but its official description in the user documentation and its behavior, seeing from an user point of view. The current 0.7 version has still a long way to go before being able to simulate the thousand of important software in IT systems.

The graphical user interface

The graphical user interface is standardized, easy to use and versatile. It facilitates both simple and complex works over all the simulations to handle. It allows the user to study the details of a complex structure... or the final compliance with a general security rule. It allows him to work on large texts which explain a simulation... or on a diagram to catch a result in a single look.

The GUI may be customized for a given ACS, but mainly on the properties the beamer displays. By this way, when the user learns the GUI for one ACS, he masters it for all. He may then concentrate his efforts on the behavior of each modeled software. Newbies may easily use Access Road after the creation of a simulation by an inner feature, or by an advanced user.

The GUI uses an object-oriented framework using multiple windows, varied kinds of diagrams and textual representations. The mouse has to use only the left clicking, and it is straightforward because the GUI automatically adapts the open windows to the new selected object. All the simulations start with the creation of an Access Control System (ACS) to model a given software. The main features of the graphical user interface are listed hereafter:

  • the explorer shows in a specific window the structure, as a tree, of the open Access Control System (or ACS), the open views and the generic rights,

  • the beamer window allows to see and to update the properties of a modeled object, with all the update constraints coming down from the ACS policy, and it manages also the specific properties from an ACS addon,

  • the information system window displays the tree of all the ACS and the passive nodes the programs knows, including their parent/child relations (new in 0.7),

  • the sketcher window shows quickly the very near objects of any modeled object, that is, its direct rights users and access targets, with the relevant rights,

  • the user-defined full views for rights simulation, containing from 0 to 48 objects in each view, to search all the direct and indirect access paths between the view objects, and to display the paths in the form of a diagram and a text,

  • the user-defined NoMore-NoLess views for the security policy compliance, to display in a diagram, and for one access target, if a set of rights users fulfills the maximum/minimum allowed rights on this target,

  • the export/import functions to export images and texts from Access Road in any external document, and to exchange ACS models between different desktop computers.

Exchanging ACS models is useful for internal users in a company. In the future, we hope it will allow to set a public catalog of shared ACS made both by the developers and the non-developer users.

Unfortunately, the Access Road files of the 0.6 version cannot be open in this 0.7 version. This is due to the huge extension of the complex ACS properties. The version 0.7.1 handles all the objects of the version 0.7.0, excepted the linked privileges. This does not forbid the opening of the main 0.7.0 ACS like Ubuntu, MySQL and RBAC application.





About Access Road



One-hour tutorial for learning access controls

Two-hours tutorial for designing access controls

One-hour tutorial for verifying access controls

Why Access Road is unique

Glossary


The tutorials

Three basic tutorials are the getting-started documentation. They provide a smooth learning curve to everyone. There is no requisite about the skills to have for following these tutorials. The tutorials use a balanced approach to learn both the Access Road core platform, and the use of a given-software simulation, even if you do not know this software. By the way of a simulated Linux Ubuntu® and a simulated MySQL Server®, the tutorials demonstrates how the generic functions support the specific features of a given simulation. The tutorials introduce Access Road from 3 points of view listed hereinafter:

  • an one-hour tutorial for learning the access controls of a simulated Linux Ubuntu®, and for using the four main tools: the explorer, the beamer, the IS structure and the sketcher; it is a 19-pages printable document,

  • a two-hours tutorial for knowing the main ACS properties, for understanding the design of access controls into MySQL Server®, and for learning how to use the Access Road full view; it is a 26-pages printable document,

  • an one-hour tutorial for verifying in a theoritical Role-Based-Access-Control application, the access controls compliance with the security policy, for learning the NoMore-NoLess view and the ACS import/export functions; it is a 15-pages printable document.

It is recommended to follow these 3 tutorials in their order of presentation. Nonetheless, the user interface is so intuitive that one may start directly to work with, using the glossary of Access Road terms when a new concept appears. Last but not least, there are the specific tutorials for the ACS add-ons Linux Ubuntu and MySQL Server.

We hope to bring to you a powerful, user-friendly, reliable, efficient and scalable program. Don't hesitate to tell us your personal opinion about both the concept and the tool.

What Access Road 0.7.1 does not do

This section should be ridden after the tutorials. The generic features have the following limitations:

  • The authentification services, like the password checking for instance, are not covered by Access Road, because they are before the access controls. Authentification is a separate security function.

  • Access control simulation is about what it is really possible to do. Access Road does not always simulate fully the current experience of an administrator or developer using the simulated software. For instance, the GUI of the simulated software is not shown by Access Road. On the other hand, it is often a secondary objective to help the user to find in Access Road the usual concepts of the simulated software. For instance, the SQL GRANT statements are not exactly simulated, although the MySQL access controls are created through them. Of course, there is a precise consistency between the space of the GRANT statements and the commands Access Road handles to simulate the MySQL Server. Moreover, the Access Road GUI mimics the GRANT statement to present the current state of the MySQL Server access controls, in so-called 'primary rights'. But this indeed is not a full simulation of GRANT. More generally, Access Road does not handle some 'false' access controls. For instance, when a developer accessing a PostgreSQL database uses the command 'SET ROLE' to change dynamically the set of rights PostgreSQL attributes to its connection, this is not access control, but simply a coding practice. In fact, the program does have the rights of all the set of roles PostgreSQL allows this connected user to take. In such a case, an Access Road simulation of PostgreSQL would cover the rights from all this set of roles as a whole, just like they are offered to this connected PostgreSQL user.

  • In this version, there is no ability to import the state (components, rights) of a simulated software from a real instance of the software, nor to export a simulated state into a true instance. Generally speaking, importation and exportation are more easy to do than the simulation, for a given software to simulate. They are planned for future versions. We think that this feature is the key to ensure the success of this project. Nonetheless, the development of the universal platform is the first mandatory step to succeed, because we have to demonstrate first the Access Road concept.

  • The logical access controls are modeled, not the organization of a company. For instance, if two users have one common IT account and password, this is not visible by the logical access controls.

  • The relations between the ACS are not fully handled, even if the version 0.7.1 handles the external AclEntries and Linked Privileges (a workable management of the ACS relations is planned for the next 0.7.2 version),

  • The typed and linked privileges are fully managed only for the simplest forms and for the one-to-one linked privilege (new in 0.7.1),

  • The administrative rights, that are the rights to change the current rights, are modeled but their application to change the current rights is not provided.

  • The access controls are simulated in the views for a given state of the Access Road base. This means it is not possible to sum the access controls result of two distincts states of the base, simulating two options or a sequence of states in time.

The Linux Ubuntu simulation has the following limitations:

  • the Linux kernel capabilities, which are a special form of access control on the OS resources, are not fully simulated,

  • the POSIX ACLs are not modeled,

  • the Linux network system and the Netfilter firewall are not modeled.

The MySQL Server simulation has the following limitations:

  • the security-related mysqld options are not managed,

  • the host and base names cannot include more than one wildcard,

  • the blank user names are forbidden,

  • for a host value specified as an IP address, there is no handling of the netmask.



About Access Road



One-hour tutorial for learning access controls

Two-hours tutorial for designing access controls

One-hour tutorial for verifying access controls

Why Access Road is unique

Glossary


The design

We think access control simulation is a worldwide innovation. We are proud to bring in it as a great free software. Access Road 0.7 is the result of more than 5 person-years of work to search the best design solutions, and to develop a code which is fully original. There is no integration of external code.

The main innovation has been to study a core platform for handling all the access controls, able to be derived for simulating the access controls of a given software. The second innovation has been to present to the user, the full complexity of rights in, as far as possible, simple, generic and varied points of view, while a limited customization offers the best possible explanation about each specific simulation. The third innovation is an unique object-oriented database management system, which provides great performance, integrated integrity controls, extensibility and scalability.

The Access Road design is driven by the following principles:

  • to model first the objects on which access control applies, then the access controls, and for that, use some concepts as UserID, GroupID, Resource, Directory, Access Control Lists, User-Group-Other rights as in Linux®, Group hierarchy as in a RBAC application, granting and denying rights, rights hierarchy, rights inheritance...

  • to model the structure of each specific software to simulate it as one or several 'Access Control System' (or ACS) in Access Road, and to model the internal structural constraints on the key properties of each ACS object,

  • to use 8 architectural patterns, like the access path search pattern and the ACS add-ons pattern, to master the software reusability, testability, performance and extensibility,

  • to design the rights simulator for detecting all the authorized paths between any given couple (rights user, access target) from any ACS, and for detecting all the structural links for any couple of objects, like the owning relation from an account to a file,

  • to show the rights simulation into complementary diagram and text, where the diagram offers a simplified and visual result, but without never being a caricature that distorts important things, while the text explains in details all the results in a standardized form into which an ACS add-on may insert its own terms,

  • to update the simulations on the fly, at each user change on any object property which influences the current right simulations,

  • to have multi-threading for the access paths search, letting the user interacts with the user interface during the large searches (new in 0.7); on the other hand, most of the searches are done in a period of less than one second, on a medium-size desktop computer,

  • to design the ACS add-ons for facilitating the extension of the Access Road simulations with a minimum effort of Java coding, offering a great versatility in the choice of the generic features to adapt to a new simulation (new in 0.7).


The reliability

The 0.7 version is a beta version, but it is workable and reliable. It is able to help the user for complex works. Errors should be from the code, of course, but also from the specification of a given software simulation, or from any user misunderstanding because the results may be rather complex. The overall reliability of Access Road is based on the following principles, trying to cover the main issues:

  • the object-oriented database system is isolated from the other code packages, and its code is thoroughly tested,

  • this database system ensures all the integrity controls, coming down both from the general model and the software simulation model,

  • the specification of a given software simulation is done, as far as possible, through a set of properties the user may consult and study at any time, and this includes the ACS addon properties,

  • the code for the generic access paths search is mainly structured by the ACS properties to handle; it is tested through a large set of generic ACS and ACS add-ons to cover most of the ACS properties space,

  • the most difficult errors is when the context of use of a method may change strongly, or when a method does things beyond its contract. The usual catalog of unit and integration tests is never suffisant to cover all these complex cases. This is still more true for a framework. The best way is to use different contexts of use for each method to test, so that most of the bugs appear. The Access Road way of testing is to test both the results, the call paths among the methods, and the changes of the inner data in a class or a method. Nonetheless, such a framework has to be tried by numerous users in varied contexts to be fully reliable. This is why Access Road 0.7.1 is considered as a beta version, although it is quite stable.

  • the access paths search code is also tested by the comparison of several independently-coded algorithms (but this is no parallel programming) to search for the 2-nodes paths, the 3-nodes paths and the more-than-3-nodes paths,

  • the user updating is controlled, and each refusal by the program is explained to the user, with the true context of the ACS and the implied simulations,

  • the simulated access paths between two modeled objects are explained in details in a generated text, to avoid, as far as possible, any misunderstanding of the results,

  • the specific behavior of an ACS is explained into several beamer ACS tabs ('Rules', 'See Why') and by a dedicated documentation.

The simulations | The graphical user interface

The tutorials | The limitations | The design | The reliability


®All trademarks are property of their respective holders. Copyright ACCBEE – 02 May 2012



About Access Road



One-hour tutorial for learning access controls

Two-hours tutorial for designing access controls

One-hour tutorial for verifying access controls

Why Access Road is unique

Glossary