TY - THES
T1 - Extending and improving the usability of an application to investigate the performance of ICT access control systems
AU - Ali Saleem, Shahzada
N1 - This was for the final master project
PY - 2016
Y1 - 2016
N2 - Information Technology (IT) platforms enable digital artifacts such as spreadsheets and
videos to be shared, but sensitive data such as trade secrets and personal information needs
to be protected from unauthorised access. Security rules are checked whenever access is
requested. Security checking can quickly become a bottleneck and make the IT platform
much more difficult to use, so the Scalability Testbed for Access Control Systems (STACS)
testbed has been built in TSSG (Butler et al., 2010) to make it easier to study the conditions
where access control performance becomes unacceptable. To use the testbed, it is necessary to
configure it to match the scenarios being studied. Butler and Jennings (2015) introduced the
ATLAS framework that incorporates this testbed and adds extra components a) to configure
it to undertake more complex performance experiments (notably, by generating suites of
policies and requests with differing characteristics) and b) to analyse the results of these
experiments.
This dissertation describes work relating to the extension of the ATLAS system 1) to
provide an easy-to-use GUI for specifying parameters relating to the generation of XACML
policy and request sets and 2) for the support of XACML 3.0 as well as XACML 2.0. The
key contributions are:
1. A workflow and GUI that break down the task of configuring the policy and request
generator of ATLAS into easy steps using an attractive editing application with a focus
on information design and usability;
2. Adding the option to export sets of policies and requests in the EXtensible Access
Control Markup Language Version 3.0 (XACML3.0) standard, building upon the existing
ATLAS infrastructure for exporting EXtensible Access Control Markup Language
Version 2.0 (XACML2.0) policies and requests;
3. Adding an adapter to integrate into STACS a new PDP implementation, called BalanaPDP,
for evaluating requests based on the XACML3.0 standard.
KW - ICT access control systems
M3 - Master's Thesis
ER -