ViSPE: A Graphical Policy Editor for XACML

In this paper we present the Visual Security Policy Editor (ViSPE), a policy-maker-friendly graphical editor for the eXtensible Access Control Markup Language (XACML). The editor is based on the programming language Scratch and implemented in Smalltalk. It uses a graphical block-based syntax for declaring access control policies that simplifies many of the cumbersome and verbose parts of XACML. Using a graphical language allows the editor to aid the policy-maker in building policies by providing visual feedback, by grouping blocks and operators that fit together, and by indicating which blocks stick together. It simplifies building policies while still maintaining the basic structure and logic of XACML.
