Project

Software engine for XACML implementation on role based access control

This project is a continuation of a previous student’s master’s project, which produced a software engine capable of parsing through XACML policy files and used the collected data to produce role-based access control (RBAC) statements executed in Microsoft SQL Server. However, there were a few important aspects of XACML that still required handling, including XACML request and response files, conflict resolution among policies, and policy refinement. This project handled these additional aspects, as well as performance evaluation, user interface updating, and code cleaning. By making the additions stated above, this project has now fully realized its initial goal of parsing XACML policies into RBAC statements: a software engine has been produced that will completely automate the process of access control, needing nothing more than a set of policies in a simple XML format. Once a user has selected a directory containing the policies, the engine will sequentially select each file residing within, construct the RBAC structure, store the structure in a set of tables, resolve any conflicts arising from the structure, and produce the appropriate SQL commands to represent the structure internally within the database. Additionally, if a user wants to determine if a database member has certain access permissions, the user can submit an XACML request. The engine will determine the result of the request and store it in an XACML response file. A user may also make changes to an existing XACML policy without worrying about conflicts with previously executed statements.

Relationships

Items