FGAC PAP User Manual - KTH-SEECS Applied Information Security
Contents
1. 2 Click Yes to confirm the deletion in the confirmation Dialog box Confirmation x A Are you sure you want to delete aoe After the successful deletion of selected Policy updated list of available Policy attribute is displayed on the Policy interface 3 Applicable Targets Description T t 5 l rat on acne tO Geete cata Been Policy for Deleting Data ori Server vor largat abio to access LVS Pobcy for accessing resources on LMS PC 4 Manage Policy Set In order to add update and delete Policy Set and its related attribute including Target Rule and Policy select Policy Set from the main Policy Creation dropdown menu PolicyCreation Target Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 87 National ICT R amp D Fund MPS 1 Create Policy Set 1 Below is the main Policy Set interface which is used to add update and delete Policy Set and its related attribute 2 Click on Add Policy Set button to add new Policy Set attribute into the database 3 In the Add New Policy Set interface specify PolicySet Name Description Policy Combining Algorithm along with the applicable Target It provides the provision to add applicable Policies and Policy Sets into the newly created Policy Set2. 3 After clicking the selected Policy Set will be opened in the default XML viewer Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 99 National ICT R amp D Fund lt xml yersion 1 0 encoding UTF 8 standalone yes gt lt PolicySet smln3 urn 0as1s names te xacml 2 0 policy schema os PolicySetId SSCDataPolicySet Version 2 0 Polic lt Target gt lt Resources gt lt Resource gt lt ResourceMatch MatchId urn oasis names te xagm 1 0 function string equal gt lt AttributeValue DataType http wow w3 org 2001 XMLSchema string gt BESE 2 lt AttributeValue gt lt ResourceAttributeDesignator Attributeld urn oasis names tc xacml 1 0 resource lectures DataT lt ResourceMatch gt lt ResourceMatch MatchId urn oasis names tc xagm 1 0 function string equal gt lt AttributeValue DataType http wow w3 org 2 001 XMLSchemag string gt BESE 1 lt AttributeValue gt lt ResourceAttributeDesignator Attributeld urn oasis names tc xacm 1 0 resource lectures DataT lt ResourceMatch gt lt Resource gt lt Resource gt lt ResourceMatch MatchId urn oasis names te xagm 1 0 function string equal gt lt AttributeValue DataType http wow w3 org 2001 XMLSchema string gt BESE 1 lt AttributeValue gt
3. Resource Attribute tab on the main Resource interface Click on the Delete option from the dropdown list Resource Attributes Lecture Notes Student Dacumant Update r 5 Click Yes to confirm the deletion in confirmation dialog box Confirmation x A Are you sure you want to delete v Yes x No 6 The selected Attribute is deleted along with all of its Attribute Values as shown in below figure Resource Attributes Lecture Notes 7 To delete a particular Attribute Value right click on that value under the Resource Attribute Value tab and click on the Delete option Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 29 National ICT R amp D Fund Resource Attributes Value Doc Update 8 Click Yes in the confirmation dialog box to confirm deletion Confirmation x A Are you sure you want to delete 9 The selected Attribute value is deleted as shown in below figure Resource Attributes Value No records found SL 3 Manage Action This section demonstrates how to create update and delete the Action in System Learning phase MA 1 Create Action 1 In order to create Action select the Action option from dropdown list as depicted below Extensible Access
4. A Are you sure you want to delete Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 55 National ICT R amp D Fund 6 On confirmation the selected Attribute is deleted along with all of its Attribute Values as shown in below figure Ervircoment Attribute Vaise Mo recors toured 7 To delete a particular Attribute Value click on that value under the Environment Attribute Value tab and click on the Delete option Environment Attribute Value 9 17 Update d 8 Click Yes in confirmation Dialog box Confirmation x A Are you sure you want to delete v Yes x No 9 The deleted Attribute Value is removed as shown below Environment Attributes Environment Attribute Value Office Timings 09 00 IP Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 56 National ICT R amp D Fund B Policy Creation In this section we demonstrate the procedure to perform add update and delete operations on the Target Condition Rule Policy and Policy Set attributes in the Policy Creation phase Select Policy Creat
5. Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 16 National ICT R amp D Fund 8 Confirm the decision by selecting Yes in Confirmation dialog Confirmation x A Are you sure you want to delete Subject Attributes Subject Attribute Values Department DoC SL 2 Manage Resource This section demonstrates how to create update and delete the Resource in System Learning phase MR 1 Create Resource 1 In order to create Resource select the Resource option from dropdown list as depicted below Sem Leaming 7 2 After selecting the Resource option in previous step the following Resource interface is displayed to add the new Resource This interface further includes three main portions as highlighted with a b and c in the below figure Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 17 National ICT R amp D Fund Resource These are the avalible pesourte Resource Description Student Sharing Center Learning Management System Resource Attributes Resource Attributes Value No records found
6. Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 85 National ICT R amp D Fund Update Policy Name LMS Data Access Policy for accessing files and data on M Description Rule Combining Algonthm Permit overrides Available Target AA 5 Target able to access L Target able to delete data from Server 3 After the successful execution of update function Policy interface displays the list of updated Policy attribute Policy Policy Rule Combining Algorithm Applicable Targets Description Target able to delete data from SC Data Deletion Deny Overnides Sarver Pokey for Deleting Data on Server EVE Target able to access LMS Potoy for accessing resources on LMS Deny Overndes MP 3 Delete Policy 1 In order to Delete any of the existing Policy right click on that particular Policy and select Delete from the menu Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 86 National ICT R amp D Fund Applicable Targets Target able to deete data from Policy for Deleting Data on Server Server Acressing LMS Target able to access LMS Policy for accessing resources on LMS LMS Deta Anress i Target able to access LMS Policy for accessing fies and datz on LMS
7. ais seecs nust edu pk project 76 National ICT R amp D Fund 2 Click Yes in the confirmation Dialog box Confirmation x A Are you sure you want to delete 3 The condition will be deleted from the database and will not be available in the main Condition page Condition Condition ID Condition Description No records found PC 3 Manage Rule In order to add update and delete Rule and its corresponding Target attribute select Rule from the main Policy Creation dropdown menu PolicyCrestion Target MU 1 Create Rule 1 Below is the main Rule interface which is used to add update and delete Rule and its related attributes Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 77 National ICT R amp D Fund 2 Click on Add Rule button to add new Rule attribute into the database Applicable Targets 3 In the Create Rule interface specify Rule Name Description its corresponding Effect the applicable target and the applied condition and click on Save to insert the new Rule attribute into the database and Cancel to discard the added information Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pa
8. Action added the sign is disabled Action Attribute Value No records found 3 Click on the Add Action button on the bottom right corner of the below interface Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 32 National ICT R amp D Fund These pis the peetaele sro Action Description Meo records found Action Afinwtes o Action Attribute Value NO records found No records town 4 The Create Action interface is opened to add the required number of Actions This interface further has three main portions to add the Action its Attributes and Attribute Values as highlighted with a b and c in figure below Creete Action Create Action Aton Name cton Descrotorn There we the aeatatee action atindbutet Action Attributes Action Attribute Valwes Neo records found No records found b a 1 The first portion of the interface consists of Action Name and Action Description text boxes Add the required name and description in text boxes as shown below Action Name Achon Descriptor Enter the action descnption here Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Te
9. Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 30 National ICT R amp D Fund 2 After selecting the Action option in previous step the following Action interface is opened This interface further includes three main portions as highlighted with a b and c in the below figure Action Description StafP s Actions Actions that the Staff can perform Teese are the avatlatie acven anri Aes Action Attributes ion Attribute Value No records found o records found C a The upper portion of the Action interface contains Action Name and Action Description tabs b The second portion of this interface contains the Action Attributes tab that enlists the added Attributes for a given Action Initially when there are no records in the database the button is disabled Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 31 National ICT R amp D Fund Action Attributes No records found c The third part of the interface consists of Action Attribute Values tab that gives a list of different values for a specific Attribute When there is no
10. DataType http wwow w3 org 2 001 XMLSchema string gt BESE 1 lt AttributeValue gt lt ResourceAttributeDesignator Attributeld urn oasis names tc xacml 1 0 resource lectures DataType lt ResourceMatch gt lt Resource gt lt Resource gt lt ResourceMatch MatchId urn oasis names t xacgml1 1 0 function string equal gt PG 2 Policy Set Generation MPSG 1 XACML Policy Set Generation 1 Click on XACML Policy Set Generation XACML Generation XACML Policy Gererahon XACML Policy Set Generation Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 96 National ICT R amp D Fund a a 2 Initially if there is no Policy Set in the database the message No rec displayed otherwise the Description of Policies is shown XACML Policy Set Generation 3 All the Policies and PolicySet we will be generated in the F drive Right now we have not generated policies or PolicySet therefore the drive F is only showing generated Policies t New Volume F Burn New folder Name Date modified Type di Personal Data 5 10 2014 12 19 PM File folder C Data Deletion_P 5 10 2014 12 24 PM AML Document Accessing LMS_P 5 10 2014 12 24 PM XML Document 4 Click on the Generate all XACML Policies button to ge
11. No records found C a The first part of the Resource interface contains Resource Name and Resource Description Columns No records touna b The second portion of this interface contains the Resource Attributes tab that enlists the added Attributes for a given Resource Initially when there are no records the button is disabled Resource Attributes No records found c The third part of the interface consists of Resource Attribute Values tab that gives a list of different values for a specific Attribute At the start when no Resource Attribute and Attribute Values are added the button is disabled Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 18 National ICT R amp D Fund Resource Attributes Value No records found t 3 Click on the Add Resource button on the bottom right corner of the below interface 4 The Create Resource interface is opened to add the required number of Resources This interface further has three main portions to add the Resource Attributes and Attribute Values as highlighted with a b and c in below figure Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islama
12. Subject Description columns If there are no Subjects in the database No records found appears otherwise the table is populated with the existing Subjects of database Access Subject Subject for the faculty Access Subsect Subject for the Studert Access Subject Subject for the Stafi b The second portion of this interface contains the Subject Attributes tab that enlists the added attributes for a given Subject Initially there are no records in the database and the button is also disabled Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project National ICT R amp D Fund These are the available subject attributes ae pei Subject Attributes c The third portion of the interface consists of Subject Attribute Values tab that gives a list of different values for a specific attribute At the start when no Subject Attribute and Attribute Values are added the sign is disabled These are the available subject attribute values ae 2 Subject Attribute Values 3 Click on the Add Subject button on the bottom right corner of the below interface Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pa
13. The following window is appeared Enter the new required value for Attribute and then click on Save button Update Resource Attribute Value Attribute Value Doc 9 The updated value for the Resource Attribute is displayed instead of the previous value as shown below Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 27 National ICT R amp D Fund Resource Attributes Value Doc MR 3 Delete Resource 1 Right click on the name of that Resource in main Resource interface Select the Delete option from the dropdown list Resource Resource Name Resource Description LMS Learning Management System Update 2 Confirm the deletion by clicking the Yes in the Delete confirmation dialog Box Confirmation x A Are you sure you want to delete v Yes x No 3 The selected Resource is deleted as shown in below figure The Resource Attributes and Resource Attribute Values are also deleted for that specific Resource records found Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 28 National ICT R amp D Fund
14. The second phase for the PAP namely Policy Creation includes the creation of Target Rule Policy and PolicySet In this regard the document explains how to create delete and update the Policy Creation attribute It provides step by step instructions for 1 Manage Target 11 Manage Condition 111 Manage Rule im Manage Policy and iv Manage PolicySet functions Furthermore it explains how to use the PAP interfaces for XACML Policy and PolicySet generation FGAC brings granularity in the policies through the Rule attribute of XACML that is reflected in Manage Policy section of this document Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project National ICT R amp D Fund Document Convention DC 1 The core XACML tags are highlighted with Capital First Letter DC 2 The PAP interface titles are specified with Capital First Letter and Bold font style DC 3 Names of main PAP phases are written in single quotes with Capital First Letter A System Learning In this section we have demonstrated how to create update and delete the Subject Action Resource and Environment attributes in System Learning phase 1 Select the System Learning option from the main interface of PAP as shown in below figure System Learning Eneronmen
15. popped out to first select the Attribute Action Attributes Action Attribute Values Action on Server Read c 2 On clicking the button the following window appears on the screen containing the Attribute Value text box Enter the required value for Attribute and then click on Save button as shown in below figure Add Action Attribute Value Attribute Value Write amp c 3 After saving the Attribute Value the following two values are visible under the Action Attribute Values tab as shown in below figure Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 35 National ICT R amp D Fund Action Attribute Values Write 5 Now click on the Save button in the Create Action interface to save in database as shown below Create Action Create Action Action Name Student Action Actions thet can be perfor the Students Action Descriptor Action Attributes Action Attribute Values Action on Server write Read 6 The added Action is displayed on Action interface with its values under the Action Name and Action Description tabs as shown in below figure Action Action Name Action Description Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security
16. the desired Subject Confirmation x A Are you sure you want to delete v Yes x No 3 The selected Subject is deleted as shown in below figure The Subject Attributes and Subject Attribute Values are also deleted for that specific Subject ENS Subject for the Sudar Subject for the Sa Subject Attributes i Subject Attribute Values No records found No records found 4 In order to delete a particular Subject Attribute of a Subject select the subject and right click on Attribute desired to be deleted under Subject Attributes tab on Subject interface Click on the Delete option from the dropdown list Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 15 National ICT R amp D Fund 5 Confirm the decision by clicking on Yes in confirmation dialog box Confirmation x A Are you sure you want to delete v Yes x No 6 The selected Attribute is deleted along with all of its Attribute Values as shown in below figure Subject Attributes Subject Attribute Values Department No records found 7 To delete a particular Attribute Value right click on that value under the Subject Attribute Value tab and click on the Delete option Subject Attributes Subject Attribute Values Department Dot T Deci Update
17. 1 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 49 National ICT R amp D Fund Environment Attributes 8 On clicking the button following window appears add the required values for Attribute Name Data Type and Attribute Value and then click on Save button Add Environment Attribute Attribute Name Room Number String Data Type Integer Boolean Attribute Value A 207 9 Now two different Environment Attributes are visible under the Environment Attributes tab as shown in figure below Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 50 National ICT R amp D Fund Environment Attributes Timings 10 In order to view the values for specific Attributes click on the required Attribute It also enables the button as shown below By clicking on button more Attribute values can be added to the selected Attribute Room Number ME 2 Update Environment 1 To update an added Environment right click on that specific Environment in main Environment interface and then select the Update option form the menu as depicted in below figure Environment Environment Name Environment Description Faculty Environment Attributes for the Faculty 2 The following
18. Click Save to insert the new Policy Set attribute into the database Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 88 National ICT R amp D Fund Add New Policy Set Policy Set PolicySet Name SSC Data Policy Set Policy Set governing the access to the Student Share Center Description Policy Combining Algorithm First applicable Applicable Target Applicable Policy Sets Applicable Policies Target able to access LMS No records found SSC Data Deletian Target able to deiete data trom Server Accessing LMS 4 After the successful creation of PolicySet newly added Policy Set with all of its related attributes will be displayed in the main PolicySet interface Selecting any Policy Set from the available list enables the add update option for Applicable Policy Sets and Applicable Policies Policy Combining Algorithm Applicable Policy Sets Applicable Pokoies No records found Policy for Deleting Dats on Server a Click on option to update the Sub PolicySets attribute against any selected Policy Set Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais
19. Combining Algorithm Ordered permit overrides Target Target able to access LMS Target able to delete data from Server 3 After the successful execution of update function Policy Set interface displays the list of updated Policy Set attribute Appixante Targets n cy Set govetreng the acces fo Se Nudes lariget ate 2D Cerete Gate ron Se hara Carter SSC Data Oeletan Only one applabe Target able to delete cata from Server Policy Set tur Detete Prrmesson on Server Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 91 National ICT R amp D Fund MPS 3 Delete Policy Set 1 To Delete any of the existing Policy Set right click on the PolicySet to be deleted and select Delete from the drop down PoticySet Policy Combining Algorithm Applicable Targets 59C Dota Policy Set Cr dered perms ornrrie Target atio to Gelete dota frome Serve Update Agplicabte Policies Pabrcy fet etcewieeg imaces on LMA Pobcy far Dewar Date oo Serve 2 Confirm the deletion by clicking on Yes in the confirmation delete dialog box Confirmation x amp Are you sure you want to delete Yes x No 3 After the successful deletion of selected Policy Set updated list of available Policy Sets is displayed in the main Policy Set inter
20. Fax 051 8317363 Website http ais seecs nust edu pk project 60 National ICT R amp D Fund Add New Subject Subject Value Match Id string bag string bag size stning 1s in string one and oniy Back b 1 Click on option to add update Available Resource against the selected Target attribute In the Resource Value tab select Resource Description from the available list As a result of this selection list of available Resource Attributes is displayed Add New Resource Resource Value Match Id Resource Attributes Resource Attribute Values St ix i J Learning Management System Courses No records found Student Sharing Center Grading Panet Must Se Present Cancel Next b 2 Click on any of the Resource Attribute from the available list to view its values As a result a complete list of possible values is displayed under Resource Attribute Values tab select any particular value and click Next Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 61 National ICT R amp D Fund Add New Resource Resource Value Match Id Description Resource Attributes Resource Attribute Values Learning Management System Courses Assignments Student Sharing Center Grading Panel Quizes Must Be Present Canc
21. KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 25 National ICT R amp D Fund Resource Resource Name 4 Similarly any Attribute of the Resource can also be updated Right click on the Attribute under the Resource Attribute tab of the main Resource interface A menu appears and now select the Update option Resource Attributes Lectures Student Document Update Delete ee 5 Update Resource Attribute interface is displayed on the screen Enter the required name in the Attribute Name text box and click on Save button Update Resource Attribute Attribute Name Lecture Notes 6 The updated results for the particular Attribute appears under the Resource Attribute tab on main Resource interface Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 26 National ICT R amp D Fund Resource Attributes Lecture Notes Student Document 7 Similarly the Values for Attribute can also be updated Right click on the name of the Attribute Value under Resource Attribute Value tab Now select the Update option from the dropdown list Resource Attributes Value 2 Delete PDF 8
22. Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 36 National ICT R amp D Fund 7 Now click on the newly added line of Action it displays the Attributes of that Action under the Action Attribute tab as well as the sign is also enabled to add more Attributes for the selected Action Action Attributes Action on Server 8 On clicking the button following window appears add the required values for Attribute Name Data Type and Attribute Value and then click on Save button Add Action Attribute Attribute Name Action on LMS String Data Type Integer Boolean Attribute Value Log in 9 Now two different Action Attributes are visible under the Action Attribute tab as shown in figure below Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 37 National ICT R amp D Fund 10 In order to view the values for specific Attributes click on the required Attribute It enables the button as shown below By clicking on button more Attribute values can be added to the selected Attribute Acton Attribute Valse Log ie MA 2 Update Action 1 To update an added Action right click on that specific Act
23. National ICT R amp D Fund Extensible Access Control Framework for Cloud based Applications User Manual for FGAC Policy Administration Point 25 04 2014 Version 1 0 Dr Muhammad Awais Shibli Principal Investigator Dr Arshad Ali Co Principal Investigator National ICT R amp D Funding Organization Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project National ICT R amp D Fund Contents Iae LiLo 6 0 renner ene E E eee er ine enn terre een te eee ee eee 3 DC OG irae E A E E AE R E E E E A T AEA E E A E 3 Pocono ni COPY CITE een E E E A netonenpneres 4 A System Learning e nno a N ses scccccccccesssesesecsccccenessssesnsececccnesenseanenes 4 SL 1 Manage Subject anane ae 0 DOE E eeaeee eeose erreen essee an 4 SL 2 Manage Rg SOUrCe aa E OMIM T eke ccc ceeeeesssssseseeeenees 17 IPSC MEET oval i ee ee ee 30 SL 4 MianaSegemevironigggiigee 00 0 2 cr MM Meee eee see eeccccceeeees 43 B Polig Creation xc emer Te eee eee 57 Ore et OO ee 57 KOE PAE WENT 00 WI a eee A ee a LL 68 P 25 Manage Rulesscn a S S a a a o T11 PC 2 Mabaa S a 81 PORAS Manage Policy Set 98 1 T M odds mM ho se 87 C XAG MiI Generation S F a Ae aM 92 PEME PoliGWrenecra
24. Now select the newest Apply click on Add Designator Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 73 National ICT R amp D Fund Condition Condition Apply Confirming Action is nc Apply Comparing requestec Apply Getting requested lt eT Add Designator Add Value Add Apply 15 Select the desired Designator Type Designator ID and Attribute Designator from the drop downs and click Save Add Designator Designator DataType Designator Type Designator ID Attribute Designator Action String Staff s Actions Requested Action TOR 16 The tree is updated accordingly showing the newly added Designator Condition Condition Apply Confirming action is no Apply Comparing requestec Appl Requested Designator Staff s Actio j Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 74 National ICT R amp D Fund 17 Now select the second Apply from the tree and click on Add Value to provid of action Add Canditinn Condition Conditio
25. Subject it gives the Attributes of the Subject under the Subject Attribute tab as well as the sign is enabled to add more Attributes for the selected Subject Subject Subject Name Subject Category Subject Description Student Access Subject Subject for the Student Stati Access Subject Subject for the Staff Faculty Access Subject This is a faculty member in University Subject Attributes gt Subject Attribute Values No records found No records found 8 In order to add more Subject Attributes click on the button Add the required values for Attribute Name Data Type and Attribute Value and then click on Save button Add Subject Attribute Attribute Name Experience s String Data Type Integer Boolean Attribute Value 5 Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 11 National ICT R amp D Fund 9 Now two Subject Attributes are visible under the Subject Attribute tab as shown below Subject Attributes Education Experience 10 In order to view the values for specific Attributes click on the required Attribute It enables the button as shown below By clicking on button more Attribute Values can be added to the selected Attribute Subject Attributes Educauon Eperen
26. Value Match Id Description Actors that can be perfarmed by Staff Actions that can be performed by Students Achans on MS Achons that can be performed by Facut Must Be Present cont nen c 3 In the Match Id tab list of possible match ids for the previously selected Action Value is presented Select any match Id value from the available list and click Save to add the selection Action Value and Match Id against the individual Target Add New Action Action Value Match Id Match Ids E sirrg bao stig tag ale sirrg s in strng one and coriy k Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 63 National ICT R amp D Fund d 1 Click on option to add update Available Environment against the selected Target attribute In the Environment Value tab select Environment Description from the available list As a result of this selection list of available Environment Attributes is displayed Add New Environment Environment Value Match Id Description Environment Attribute Values Environment Attriutes for the Faculty Timings No records found Environment Atinbutes for the Faculty Ip Environment Attebutes for the Faout Must Be Present Cancel Next d 2 Click on any of the Environment Attribute f
27. add the Apply in the condition Add Condition Condition Condition Details Condition D OEE T T ET OPE Conmmioe to check whether the requested amp chon 1 other than Read mwmw E Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 70 National ICT R amp D Fund 6 The Add Apply dialog will open fill the required information by selecting ID No of Arguments for the function Description and DataType click Save for saving the Apply Add Apply NO of Arguments 1 DataType boolean Function ID Urrioasissnamesitexacml LO function not Confirming action is not Read Description 7 The newly added Apply is added under the Condition in the tree section b of Add Condition interface Condition Condition Apply Confirming action is not 8 Now select the Apply in the Condition tree and Click on Add Apply to create inner Apply this apply will accept the Requestor s time as an argument Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 71 National ICT R amp D Fund Condition Condition Details Condition L
28. amabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project National ICT R amp D Fund the Attribute Value text box Enter the desired value and then click on Save button as depicted in below figure Add Subject Attribute Value Attribute Value MS an amp c 3 After saving the Attribute Value both the newly added value and the previously existing value are visible under the Subject Attribute Values tab as shown in below figure Subject Attributes Subject Attribute Values Education Now click on the Save button in the Create Subject interface to save the added Subject in database Crease Subject Create Subject Sipe cl Mare Subject Attribute Values KAS PHO Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 10 National ICT R amp D Fund 6 The added Subject is displayed on Subject interface with its values under the Subject Name Subject Category and Subject Description tabs as given below Subject Subject Name Subject Category Subject Description Student Access Subject Subject for the Student Stati Access Subject Subject for the Stafi Faculty Access Subject This is a faculty member in Universit 7 Now click on the newly added row of
29. bad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 19 National ICT R amp D Fund Resource Name Resource Description These ave the avatable resource attnbutes Resource Attributes Resource Attribute Values No records found No records found a The first portion of the interface consists of Resource Name and Resource Description text boxes In order to create a Resource add the required name and description in text boxes Resource Name Student Sharing Center Resource Description b 1 The second part of the Create Resource interface provides the button to add the required Attributes for a particular Resource Resource Attributes No records found Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 20 National ICT R amp D Fund EA b 2 When the is clicked the following interface is displayed to add the required Resource Attributes It consists of Attribute Name Data Type and Attribute Value text boxes Enter the required Attribute name its value and select the data type from the given list Finally click on the Save button as shown below Add Resource Attribute Attribute Name Lectures String Data Type Integer Boolean A
30. cations KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 84 National ICT R amp D Fund Policy Policy S C Data Deletion Accesing LS LMS Dats Aco MP 2 Update Policy l Rule Combing Algorithm Applicable Targets Dery Overrides Target able to delete data from Policy for Deleting Data on Server Th Serve Dery Overrides Target able to sccess US Policy for acceisng mounes on LS Deny cvernde Target able to access LANS A rt d usta or LMS choose Update from the displayed menu Policy Policy K Data Deletion Acressing LMS UMS Date Access 2 In order to update any of the existing Policy right click on that specific Policy and Rule Combining Algorithm Applicable Targets Description z Target abie to delete data trom Dery Overrides e Server Dery Overrides Policy for Deleting Data on Server Tanget able to access LMS Dery overndes Policy for accessing resources on LMS Target abe to access LMS Policy tor access Update sano 22s and Gata om LMS Delete In the Update Policy interface edit any of the previously added Policy attribute and click Update to save the changes into the database Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan
31. cument MPG 2 XACML Policy View 1 For viewing any generated Policy select the Policy Posey for sooesung rescurnes on LMG Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 95 National ICT R amp D Fund 2 Click on View XACML Policy button to view the Policy XACML Policy Generation Policy Dearngbon LSE Data Deletion Pobty fof OeWleg Osta G Server Ancevaag LMS Pobcy for sooesung rescernes on LM 3 After clicking the selected Policy will be opened in the default XML viewer lt 2aml version 1 0 encoding UTF 6 standalone yes gt H lt Policy xmlns urn oasis names te xacml 2 0 policy schema os PolicyId SsCDataDeletion Version 2 0 RuleCombiningAl lt Description gt Policy for Deleting Data on Server lt Description gt lt Target gt Resources lt Resource gt E lt ResourceMatch MatchId urn casis names tc xaqgm 1 0 function string equal gt lt AttributeValue DataType http wew wo o 2001 XMLSchema string gt BESE 2 lt AttributeValue gt lt ResourceAttributeDesignator Attributeld Urn 0a818 names te xacgn 1 0 resource lectures DataType lt ResourceMatch gt lt ResourceMatch Matchid arn oasis names tc xacml1 1 0 function string equal gt lt AttributeValue
32. d based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 22 National ICT R amp D Fund Create Resource Create Resource Rescurce Mane Resource Descriptor 6 The added Resource is displayed on Resource interface with its values under the Resource Name and Resource Description tabs as shown in below figure Resource Resource Description Student Sharing Cente Resource Attributes Resource Attributes Value lectures BESE 1 BESE 2 7 Click on the newly added row of Resource it displays the Attributes of the Resource under the Resource Attribute tab as well as the sign is also enabled to add more Attributes for the selected Resource Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 23 National ICT R amp D Fund 8 On clicking the button following window appears add the required values for Attribute Name Data Type and Attribute Value and then click on Save button Add Resource Attribute Attribute Name Student Document String Data Type Integer Boolean Attribute Value PDF 9 Now two different Resource Attributes are visible under the Res
33. e MS 2 Update Subject 1 Right click on the specific Subject and then select the Update option form the menu as depicted in below figure 2 The following interface appears after selecting the Update option in previous step You can update any of the three values which include Subject Name Subject Description or Subject Category After updating the required fields click on the Save button Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 12 National ICT R amp D Fund Update Subject Subject Name Faculty This is a Faculty member in at Subject Description University Access Subject Subject Category Code Base Intermediary Subject 3 The updated results are visible on the main Subject interface as shown below Subject Name Subject Category Subject Description Student Access Subject Subject for the Student Staff Access Subject Subject for the Staff Faculty Intermediary Subject This is a Faculty member in at University 4 Similarly any Attribute of the Subject can also be updated Right click on the required attribute under the Subject Attribute tab of Subject interface A dropdown menu appears select the Update option Subject Attributes Eqcucaheon E lance Update Deete O 5 Update Subject A
34. e management of access control policy whereas PDP is responsible for the formulation of authorization decision by evaluating access control policy However PEP acts as a service gateway between PDP and the requested resource application or service it intercepts the authorization requests and forwards it to the PDP for decision making permit deny This manual briefly describes how FGAC policies are created using the PAP web interface It further includes detailed screenshots illustrating each and every step that the user might take to complete different processes for all the main phases including System Learning Policy Creation and Policy Generation This manual is intended for system administrators who may use this document as the guideline for the generation of access control policy Scope This manual is focused on FGAC model of the framework that elaborates the use of Policy Administration Point for creation and management of FGAC policies It mainly focuses on three phases of the PAP which includes System Learning Policy Creation and Policy Generation The System Learning phase includes the database population with the basic policy attribute which are Subject Action Resource and Environment It provides a detailed guideline for a system administrator to add delete or update the required attributes using 1 Manage Subject 11 Manage Action 111 Manage Resource and iv Manage Environment functions
35. e Action Attribute Attribute Name LMS Action 6 The updated results for the particular Attribute appears under the Action Attribute tab on main Action interface Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 39 National ICT R amp D Fund Action Attributes Action on Server LMS Action 7 Similarly the values for Attribute can also be updated Right click on the name of the Attribute Value under Action Attribute Value tab Now select the Update option from the menu 8 The following window is displayed Enter the new required value for Attribute and then click on Save button Update Action Attribute Value Attribute Value Sign in 9 The updated value for the Action attribute is displayed instead of the previous value as shown below Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 40 National ICT R amp D Fund Action Attribute Value MA 3 Delete Action 1 To delete a particular Action click on the name of that Action in main Action interface Select the Delete option from the dropdown list Action Action Nam
36. e Action Description Faculty Action Hons that can be performed by Faculty Update 2 Click Yes to confirm the deletion in the confirmation dialog box Confirmation x A Are you sure you want to delete 3 The selected Action is deleted as shown in below figure The Action Attributes and Action Attribute Values is also deleted for that specific Action Action Name No records tound Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 41 National ICT R amp D Fund 4 In order to delete an Attribute of particular Action click on that Attribute under Action Attribute tab on the main Action interface Click on the Delete option from the menu Action Attributes Action on Server LMS Action l l Update 5 Confirm the deletion by clicking on Yes in the confirmation Dialog Confirmation x A Are you sure you want to delete v Yes x No 6 The selected Attribute is deleted along with all of its Attribute values as shown in below figure Action Attributes Action on Server 7 To delete a particular Attribute value click on that value under the Action Attribute Value tab and click on the Delete option Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Securit
37. el b 3 In the Match Id tab list of possible match ids for the previously selected Resource value is presented Select any match Id value from the available list and click Save to add the selection Resource Value and Match Id against the individual Target Add New Resource Resource Value Match Id Maschics string bag shring thag mane string is in string cerre ared only c 1 Click on option to add update Available Action against the selected Target attribute In the Action Value tab select action Description from the available list As a result of this selection list of available Action Attributes is displayed Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 62 National ICT R amp D Fund Add New Action Action Value Match Id Description Action Attributes Action Attribute Values Actions that can be performed by Staff Action on Server No records found Actions that can be pectormed by Studerts Actions on LMS Actions that can be pertormed by Faculty Must Be Present c 2 Click on any of the Action Attribute from the available list to view its values As a result a complete list of possible values is displayed under Action Attribute Values tab select any particular value and click Next Action
38. face Applicable Targets Description 4 Precy Set Qoverratg De access to the Mariert Tarcal abie to Gaitie Gale trom Serve Shere Certer C XACML Generation This is the final section of this manual In the following section we have demonstrated the generation of XACML based Policy and Policy Set Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 92 National ICT R amp D Fund If we hover up cursor to the XACML Generation a dropdown menu will appear showing two options XACML Policy Generation and XACML Policy Set Generation XACML Generation ACME Poly Gererabon XACML Pobcy Set Gereraton PG 1 Policy Generation MPG 1 XACML Policy Generation 1 Click on XACML Policy Generation XACML Generation q Generabon XACML Policy Set Initially if there are no Policies in the database the message No records found is 2A displayed otherwise the Description of Policies is shown XACML Policy Generation Description Policy for Deleting Data on Server Policy Policy for accessing resources on LMS SSC Data Deletion Accessing LMS 3 All the policies and PolicySet we will be generated in the F drive Right now we have not generated policies or PolicySet therefore the drive F is no
39. hm and Applicable Target is shown in the Policy interface Selecting any Policy from the available list enables option that is used for editing the number of fine levels and Applicable Rules on the selected Policy Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 83 National ICT R amp D Fund Policy Policy Rule Combining Algoritines Applicable Targets Description A m r larget jie 10 Gete owe from RF Mni gt 3K Data Deeton Dery Overrides i Poacy for Deteting Data on Server re Applicable Rides Rule for deleting Gata on Serverul Ae for accessing LMSrul 5 After clicking on option to edit Applied Rules or change the Number of Fine Levels on the selected Policy In the Add Policy Rule interface Check select the Rule description that you want to add to the selected Policy or and change the Number of Fine Levels again make sure that Fine Levels defined and number of selected Rules are equal and click Add to save the association in the database Add Policy Rule Number of Fine Levels All Rules Rule for deleting data on Server Rule for accessing LMS 6 If saved newly added Applicable Rules appear in the main Policy interface against the selected Policy Extensible Access Control Framework for Cloud based Appli
40. ins Environment Name and Environment Description tabs Initially when no Environment is added in the database No records found is displayed b The second portion of this interface contains the Environment Attributes tab that enlists the added Attributes for a given Environment Initially when there are no records in the database the button is disabled Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 44 National ICT R amp D Fund Environment Attributes No records found c The third portion of the interface consists of Environment Attribute Values tab that gives a list of different values for a specific Attribute At the start when no Environment Attribute and Attribute values are added the sign is disabled Environment Attribute Value No records found 4 Click on the Add Environment button on the bottom right corner of the below interface Environment Environment hene No records tourd 5 The Create Environment interface is opened to add the required number of Environments This interface further has three main portions to add the Environment its Attributes and Attribute values as highlighted with a b and c in figure below Extensible Access Control Framework for Cl
41. interface appears after selecting the Update option in previous step You can update any of the two values which include Environment Name or Environment Description After updating the required fields click on the Save button Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 51 National ICT R amp D Fund Update Environment Environment Name Faculty Environment Environment Attributes ee for the Faculty Environment Description 5 3 The updated results are also visible on the main Environment interface as shown below Environment Environment Name Environment Description Faculty Environment Environment Attributes for the Faculty Environment Attributes P Environment Attribute Value No records found No records found 4 Similarly any Attribute of the Environment can also be updated Click on the required Attribute under the Environment Attribute tab of the main Environment interface A dropdown menu appears on screen Select the Update option Environment Environment Name Environment Description Faculty Environment Environment Attributes for the Faculty Environment Attributes Environment Attribute Value Timings 09 00 Update 17 00 Delete Extensible Access Control Framework f
42. ion in main Action interface and then select the Update option form the menu as depicted in below figure Action Action Name Action Description Student Actions Actions that can be performed by Students Delete 2 The following interface appears after selecting the Update option in previous step You can update any of the two values which include Action Name or Action Description After updating the required fields click on the Save button Update Action Action Name Faculty Action Actions that can be performed by the Faculty Action Description 3 The updated results are visible on the main Action interface as shown below Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 38 National ICT R amp D Fund Action Action Name Action Description Faculty Action Actions that can be performed by Faculty 4 Similarly any Attribute of the Action can also be updated Right click on the required Attribute under the Action Attribute tab of the main Action interface Select the Update option from the menu Action Attributes Action on Server Action on LMS Update 5 Update Action Attribute interface is displayed on the screen Enter the required name in the Attribute Name text box and click on Save button Updat
43. ion option form the main interface of policy administration point Clicking on Policy Creation will display its associated options that are Target Condition Rule Policy and Policy Set Accordingly the four main subsections include Manage Target Manage Condition Manage Rule Manage Policy and Manage Policy Set PC 1 Manage Target Select Target option from the main Policy Creation dropdown menu to add update and delete Targets and its related attributes including Subject Action Resource and Environment MT 1 Create Target 1 Below is the main Target interface which is used to add update and delete Target attributes It also provides the provision to associate existing Subject Resource Action and Environment attributes with the new or existing Target attributes Torget Description Avoilable Subjects Avmlable Resources Aveleble Actions Avatable Environments wo records foued NO records found No records found fo recordi found Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 57 National ICT R amp D Fund option for Available Subjects Available Resources Available Actions and Available Environments is disabled otherwise it active and any attribute in a target can be added by selecting target and clicking
44. k on option to add update Available Subjects against the selected Target attribute In the Subject Value tab select Subject Description from the available list As a result of this selection list of available Subject Attributes is displayed Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 59 National ICT R amp D Fund Ad New Subject Subject Value Match Id Subject Attributes Subject Attribute Values Educabon No records found Eapenence a 2 Click on any of the Subject Attribute from the available list to view its values As a result a complete list of possible values is displayed under Subject Attribute Values tab select any particular value and click Next Add New Subject Subject Value Match Id Subiect for the facut Subject tor the Student Subject for the Stat Must Be Present EX a 3 In the Match Id tab list of possible Match Ids for the previously selected Subject value is presented Select any Match Id value from the available list and click Save to add the selection Subject Value and Match Id against the individual Target Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164
45. kistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project National ICT R amp D Fund Theat we Mhe mpte aht Subject Attribute Values feo tecords found No records found 4 The Create Subject interface opens to add the required Subjects This interface further has three main portions to add the Subject Attributes and Attribute Values as highlighted with a b and c in below figure Create Subject Create Subject Subject Naene Subject Description Subject Category Subject Attributes Subject Attribute Values No records found No records found a 1 The first portion of the interface consists of Subject Name Subject Description and Subject Category text box In order to create a Subject add the required name and description in text boxes The required category can be selected from the dropdown list as shown below Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project National ICT R amp D Fund Subject Name This ts a Faculty member in at University Subject Description Subject Category Access Subject Access Subject Code Base Intermediary Subject Recipient Subject Requesting Machine b 1 The second part of the Create Subject interface provides
46. kistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 78 National ICT R amp D Fund Create Rule Create Rule Name Accessing LMS Rule to allow access to the pat Learning Management System Description y Effect Permit Target Description Condition Description Target able to access LMS To confirm User is Accountant Target able to delete data from Server 4 Upon successful creation of Rule its Name Effect Applicable targets and Description appears in the main Rule interface MU 2 Update Rule 1 In order to update any existing Rule attribute right click on that specific Rule and choose Update from the displayed menu Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 79 National ICT R amp D Fund 2 In the Update Rule interface edit any of the previously added Rule attribute and click Update to save the changes into the database Update Rule Name Deleting Server Data Rule to allow access to delete the ae data from the Server Description Permit Target Description Condition Description Target able to access LMS To confirm User is Acc
47. l 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 33 National ICT R amp D Fund i b 1 The second portion of the Create Action interface provides the button to add the required Attributes to the Action Action Attributes No records found b 2 The following interface is opened to add the required Action Attributes It consists of Attribute Name Data Type and Attribute Value text boxes Enter the required Attribute name its Value and select the data type from the given list Finally click on the Save button as shown below Add Action Attribute Attribute Name Action on Server String Data Type Integer Boolean Attribute Value Read gt GD ee amp b 3 The added Attribute is displayed under the Action Attribute tab as shown in below figure Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 34 National ICT R amp D Fund Action Attributes c 1 The third part of the Create Action interface consists of the button to add more than one value for specific Attribute It 1s compulsory to select the required Attribute from the Action Attributes before adding the values If the button is clicked without selecting any Attribute a warning message is
48. lamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 68 National ICT R amp D Fund PC 1 Create Condition 1 Below is the main interface of Condition which is used to create and delete the Condition 2 Click on the Add Condition button to create the new Condition 3 The Add Condition dialog is categorized in three sections a The first section a contains the information about Condition 1 e its Description b The second section b contains the tree that represents the current state of Condition The new Attributes of Conditions are added as nodes in the tree whenever an Apply Designator or Value is added this tree is updated accordingly c The third section c contains the controllers to add new attributes Apply Designator or Value to the Condition Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 69 National ICT R amp D Fund Condition Condition Details Condition Cond ece Desonption 4 Provide the Description of the Condition in Condition Description section Add Condition Condition Condition Details Condition Comettion to check whether the requested Adon is other than Read Condmon Deso pon 5 Click the Add Apply button to
49. lt ResourceAttributeDesignator Attributeld urn oasis names tc xacm 1 0 resource lectures DataT lt ResourceMatch gt lt ResourceMatch MatchId urn oasis names tc xagn 1 0 function string equal gt i mutena e Dataliwme httn wa Wa orar 200 H emaga na BESE Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 100
50. n Details Condition sedate m 3 x sondon to confirm that requested Action is Apply Confirming action is ne nce Read A j aly Com Condos Description Apply Getting Requested Designator Staff s Actio 18 Fill the appropriate information and click Save Add Value Variable DataType String Attribute Value Read 19 Once completed click on Save to save the condition Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 75 National ICT R amp D Fund Add Condition Condition Condition Details Condition lt Apply Confirming action is me i Apply Comparing requestes Gantines Duscip en Apply Getting Requested Ty r t A Value Read 20 Once saved the newly created Condition appears in the main Condition page Condition Condition ID Condition Description PC 2 Delete Condition 1 For deleting the Condition right click on the desired condition and select Delete from the Menu Condition Condition ID Condition Description 5 Condition to confirm that the requesting Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http
51. nerate all policies XACML Policy Set Generation Policy Set ste Four 5 Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 97 National ICT R amp D Fund 5 A dialog box will pop up showing that all Policy Sets have been generated XACML Policy Set Generation Policy Set Demriptios SSC sla Pobty tel Puky Set qowerrercy He acter to the Mudari Dare Corder 6 In the following snapshot we can see that the newly generated Policy Sets is stored in the F drive t New Volurne F Burn New folder Name Date modified Type di Personal Data 5 10 201412 19 PM File folder 5 10 2014 12 24 PM AML Document 5 10 2014 12 29 PMI XML Document SSC Data Deletion_P 5 10 2014 12 24 PMI XML Document MPSG 2 XACML Policy Set View 1 For viewing any generated Policy select the Policy Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 98 National ICT R amp D Fund XACML Policy Set Generation 2 Click on View XACML Policy Set button to view the Policy XACML Policy Set Generation Policy Set Data Pods
52. on button wlio targets Description laroet atte to dekte data horn Serve Available Resources C C Asmlamte Environments phg equal Computer Ateu D records Mir fo record found stig equal Softeure Construcor Tew egus Assayreverts sireng ecpes Quires Target Target LMI Osia Acco 55C Data Otketion Targel alte In accesa UE Target atte to delete date rom Sereer 4 In the New Target interface specify Target name add its description and click Save to insert the new Target attribute into the database and Cancel to discard the added information Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 58 National ICT R amp D Fund Create Target Target Name Accessing LMS Faculty to access the Learning Management Target Description System 5 Upon successful creation of Target its name and description appears in the main Target interface Selecting any Target from the available list enables the add update option for Available Subjects Available Resources Available Actions and Available Environments These are we avadaive targets tinn gt egue Compute Arctriecyce An senm miin Hrnnp egusi Sotteere Construction Hing egual Assignments mmng egusi Quces a 1 Clic
53. ondtiom to confirm that the request Apply C ory ming acion ts ne Ardon s other than Amad 18 Condiiios Descrptioe 9 Fill the required information and click Save Add Apply NO of Arguments 2 DataType String x Function ID urmoasis names te xacml L Otunction string equal Comparing requested action with Read Description 10 The Condition tree is updated accordingly showing the newly added Apply Condition Condition Apply Confirming action is no Apply Comparing requestec 4 m 11 Now select the newly added apply and click on Add Apply button again to add another Apply Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 72 National ICT R amp D Fund Ad Condition Condition Condition Details Condition z lt Coectien to confem that requested Action is Apply Confirming action is no not Read Apply Comparing requestec lt lt Coacitian Desoytion Add Apply NO of Arguments DataType Function ID Getting Requested Action Description 13 The condition tree is updated accordingly showing the newly added Apply Condition Condition Apply Confirming Action is nc Apply Comparing requestec Apply Getting requested lt 4 ds j 14
54. or Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 52 National ICT R amp D Fund i 5 Update Environment Attribute interface is displayed on the screen Enter the required name in the Attribute Name text box and click on save button Update Environment Attribute Attribute Name Office Timings 6 The updated results for the particular Attribute appears under the Environment Attribute tab on main Environment interface Environment Environment Name Environment Description Faculty Environment Environment Attributes for the Faculty Environment Attributes Environment Attribute Value Office Timings 09 00 IP 17 00 7 Similarly the values for Attribute can also be updated Right click on the name of the Attribute Value under Environment Attribute Value tab Now select the Update option from the dropdown list Environment Attribute Value Delete 8 The following window appears on screen Enter the new required value for Attribute and then click on Save button Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk p
55. oud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 45 National ICT R amp D Fund Create Environment Create Environment Environment Name Environment Desorption Environment Attributes Environment Attribute Values No records found No records found b a l The first portion of the interface consists of Environment Name and Environment Description text boxes In order to create an Environment add the required name and description in text boxes as shown below Environment Name Faculty Environment Environment Attributes for the Faculty Environment Description b 1 The second part of the Create Environment interface provides the Button to add the required Attributes to the added Environment in previous step Environment Attributes No records found Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 46 National ICT R amp D Fund b 2 The following interface is opened to add the required Environment Attributes It consists of Attribute Name Data Type and Attribute Value text boxes Enter the required Attribute name its value and select the data type f
56. ountant Target able to delete data from Server 3 After the successful execution of update function Rule interface displays the list of updated Rule attributes tHect Applicable Targets Applied Condition Descristion OE 1 2 coe p Rule fo aioa access ip delete the dzia from e Deleting Server Data Permit args abie to delete data rom Server No Condos Apgied Soa f Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 80 National ICT R amp D Fund MU 3 Delete Rule 1 In order to Delete any of the existing Rule right click on that particular Rule and select Delete from the menu 2 Confirm the deletion by selecting Yes in the confirmation dialog box Confirmation x A Are you sure you want to delete 3 After the successful deletion of selected Rule updated list of available Rule attributes is displayed on the Rule interface PC 3 Manage Policy In order to add update and delete Policy and its related attribute including Target and Rule select Policy from the main Policy Creation dropdown menu Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seec
57. ource Attribute tab as shown in figure below Resource Attributes Lectures Student Document 10 In order to view the values for specific Attributes click on the required Attribute It also enables the button as shown below By clicking on button more Attribute Values can be added to the selected Attribute Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 24 National ICT R amp D Fund Resource Attributes Ledures Terier ery r gt GGE UOCUMER MR 2 Update Resource 1 To update an added Resource right click on that specific Resource in Resource interface and then select the Update option form the menu as depicted in below figure Resource Resource Name Resource Description SSC Student Sharing Center Delete _ 2 The following interface appears after selecting the Update option in previous step You can update any of the two values which include Resource Name or Resource Description After updating the required fields click on the Save button Update Resource Resource Name LMS Learning Management System Resource Description 3 The updated results are visible on the main Resource interface as shown below Extensible Access Control Framework for Cloud based Applications
58. ribute Values tab as shown in below figure Environment Attributes Environment Attribute Values Timings 9 SS c 4 Nowclick on the Save button in the Create Environment interface to save the added Environment in database as shown below Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 48 National ICT R amp D Fund Create Environment Create Environment Emronment Name F acuity Environment Eewronment Aftrifetes for the Faculty Emvrornmnernt Descrotion Environment Attribute Values 6 The added Action is displayed on Environment interface with its values under the Environment Name and Environment Description tabs as shown in below figure Environment Environment Name Environment Description Faculty Environment Attributes for the Faculty Environment Attributes Environment Attribute Value No records found No records found 7 Now click on the newly added line of Environment it displays the Attributes of that Environment under the Environment Attribute tab as well as the sign is also enabled to add more Attributes for the selected Environment Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 05
59. roject 53 National ICT R amp D Fund Update Environment Attribute Value Attribute Value 17 9 The updated value for the Environment Attribute is displayed instead of the previous value as shown below Environment Attribute Value ME 3 Delete Environment 1 Right click on the name of that Environment in main Environment interface Select the Delete option from the dropdown list Environment Environment Name Environment Description Faculty Environment Environment Attributes for the Faculty 2 Click Yes in the confirmation dialog box Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 54 National ICT R amp D Fund Confirmation x A Are you sure you want to delete v Yes x No 3 The selected Environment is deleted as shown in below figure The Environment Attributes and Environment Attribute Values are also deleted for that specific Environment Environment Name No records found 4 In order to delete an attribute of particular Environment click on that attribute under Environment Attribute tab on the main Environment interface Click on the Delete option from the dropdown list Environment Attributes Office Timings Room Number 5 Click Yes in confirmation Dialog box Confirmation x
60. rom the available list to view its values As a result a complete list of possible values is displayed under Environment Attribute Values tab select any particular value and click Next Add New Environment Environment Value Eevironment Attripates for the Faculty Environment Altribetes for the Faculty Environment Attributes for the Faculty Must Be Present cet me d 3 In the Match Id tab list of possible match ids for the previously selected Environment Value is presented Select any match Id value from the available list and click Save to add the selection Environment Value and Match Id against the individual Target Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 64 National ICT R amp D Fund Add New Environment Environment Value Match Id string Dag stnng bag s0e string is in sting one arnd omly 6 After adding all the attributes select the updated Target from the main Target interface to view all of its associated Subjects Actions Resources and Environments Target that allows FacuRy to access Learning Management System MT 2 Update Target 1 In order to update any existing Target attribute right click on that specific Target and choose Update Target from the drop down menu Extensible Acces
61. rom the given list Finally click on the Save button as shown below Add Environment Attribute Attribute Name Timings String Data Type Integer Boolean Attribute Value 9 b 3 The added Attribute is displayed under the Environment Attribute tab as shown in below figure Environment Attributes c 1 The third portion of the Create Environment interface consists of the button to add more than one value for specific Attribute It is compulsory to select the required Attribute from the Environment Attributes before adding the values If the Add Attribute Value button is clicked without selecting any Attribute a warning message is popped out to first select the desired Attribute Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 47 National ICT R amp D Fund Environment Attributes Environment Attribute Values Timings 9 c 2 On clicking the button in Environment Attribute Values the following window appears on the screen containing the Attribute Value text box Enter the required value for Attribute and then click on Save button as shown in below figure Add Environment Attribute Value Attribute Value c 3 After saving the Attribute Value the following two values are visible under the Environment Att
62. s Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 65 National ICT R amp D Fund Target Servet Deiebon Upita Toget fo devwte Gata from Server Update Tar Access LMS ge Delete bo access LMS Availadle Resources Available Actions Available Environments String equal BESE 1 strng equal Delete Sinngrequat BESE 2 No records found strag equal Delete String equal POE string equal Delete Struxy equat Word Documents 2 In the Update Target interface edit any of the previously added Target attribute and click Save to save the changes into the database Update Target Target Name Server Deletion Target able to delete Target Description data from LMX Server 3 After the successful execution of update function Target interface displays the list of updated Target attributes Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 66 National ICT R amp D Fund Server Deledon Target able to delete Gata from LMS Sery J AccessagA MS Target able to access LMS Available Resources Available Environments strng tquel BESE 1 string eq
63. s nust edu pk project 81 National ICT R amp D Fund Policye reation Target Concttion Posle CHO MP 1 Create Policy 1 Below is the main Policy interface which is used to add update and delete Policy and its related attributes Policy Policy Rube Com iniag Algorithm Apphcatie Targets Descrgocn No recordi fourd 2 Click on Add Policy button to add new Policy attributes into the database Policy Pocy No records fourd Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 82 National ICT R amp D Fund 3 In the Create Policy interface specify Policy Name Description Rule combining Algorithm along with the desired Target attribute and their corresponding Rules Also provide Number of Fine Levels that is the number of restriction desired to be applied on the Policy Make sure that Fine Levels provided and number of Rule selected is same Click on Save to insert the new Policy attribute into the database Create Policy Create Policy Name Description Number of Fine Levels Rule Combining Algorithm Available Target Available Rules Target abe to access LS 1 Dasta Deiletici Target abte to delete data from Server 4 Bocessing iM 4 The Policy Name Description Rule Combining Algorit
64. seecs nust edu pk project 89 National ICT R amp D Fund SSC Osta Detetior 5 If saved successfully newly added Policy Set with Applicable Policies will be displayed in the main Policy Set interface against the selected Policy Set Applicable Policy Sets Appicable Poscies Mo records tand Potty for Deleting Data on Server Pobry im ecreeeng moror on lM MPS 2 Update Policy Set 1 In order to update any of the existing Policy Set right click on that specific Policy Set and choose Update from the displayed menu Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 90 National ICT R amp D Fund Polcyset Policy Combining Aigontien Applicable Targets sry Set goverte f joists iiaia Mhan aiye F fu ge are We Yucier C Dalla Paity Set Dery covwrticle a oe abe here Certter Vp date SSC Date Deletion Only ote applicable Target abe to delete ate Irom Server Pubcy Set for Detete Perret na Servet Delete gt 2 In the Update Policy Set interface edit any of the previously added Policy attribute and click Update to save the changes into the database Update Policy Set PolicySet Id SSC Data Policy Set Policy Set governing the access to So the Student Share Center Description Policy
65. t The System Learning interface displays the option for Subject Action Resource and Environment Accordingly the below subsection demonstrates the Manage Subject Manage Resource Manage Action and Manage Environment SL 1 Manage Subject We demonstrate how the system administrator can create update and delete the Subject in System Learning phase It further consists of three sections namely Create Subject Update Subject and Delete Subject MS 1 Create Subject 1 Select the Subject option from dropdown list as depicted below Systern Learwng Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project National ICT R amp D Fund 2 After selecting the Subject option in previous step the following screen appears to add the new Subjects This interface further includes three main portions as highlighted with a b and c in the below figure Subject Name Subject Category Subject Description Faculty Access Subject Student Access Subject d Subject for the faculty Subject for the Student Stat Access Subject Subject for the Statt Subject Attributes Subject Attribute Values No records found No records found b C a The upper portion of the Subject interface contains Subject Name Subject Category and
66. t showing any of it Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 93 National ICT R amp D Fund r New Volume F library Share with Burn New folder rs Name Date modified Type di Fersonal Data 5 10 2014 12 19 PM File folder 4 In the XACML Generation tab click on the Generate all XACML Policies button to generate all policies View KACML Policy 5 A dialog box will pop up showing that all Policies have been generated Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 94 National ICT R amp D Fund XACML Policy Generation Pality Description 55C Ons Deletion Policy tor Detetieg Oria on Server Aarh AE Putty Sov accekisg retour oet an LMS 6 In the following figure we can see that our F drive has the Policy files that are just been generated file t New Volume F Burn New folder Name Date modified Type d Personal Data 5 10 2014 12 19 PM File folder 55C Data Deletion_P 5 10 2014 12 24 PM AML Document Accessing LMS_P 5 10 2014 1274 PM XML Do
67. the button to add the required attributes for a particular subject Subject Attributes No records found b 2 The following interface appears to add the required Subject Attribute It consists of Attribute Name Data Type and Attribute Value text boxes Enter the required attribute name its value and select the data type from the given list Click on the Save button Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project National ICT R amp D Fund Add Subject Attribute Attribute Name Education String Data Type Integer Boolean Attribute Value PHD b 3 The added attribute is displayed under the Subject Attribute tab as shown in below figure Subject Attributes Subject Attribute Values Education No records found t c 1 The third portion of the Create Subject interface consists of the Subject Attribute Values to add more than one value for specific attribute It has a button to add more values of the selected Attribute If no Subject Attribute is selected then the warning message is displayed Subject Attributes Subject Attribute Values Education PHD Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Isl
68. tiOn TEE 1 S E ssi AE 5 93 PG 2 Policy Set Generation My 2 T F ennenen a a 96 Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project National ICT R amp D Fund Introduction The purpose of this document is to provide User Manual of Policy Administration Point PAP for Fine Grained Access Control FGAC model for the project entitled Extensible Access Control Framework for Cloud Based Applications This project broadly aims to provide Access Control as a Service ACaaS for Software as a Service SaaS layer applications It incorporates variety of reliable and well known access control models as Cloud based services These access control models mainly include Attribute Based Access Control ABAC Fine Grained Access Control FGAC and Usage based access CONtrol UCON models Each of these models is intended to facilitate the users to secure their applications at SaaS layer where the management and evaluation of access control decisions is externalized and handled for Cloud consumers The major components of the framework include Policy Decision Point PDP Policy Enforcement Point PEP and Policy Administrator Point PAP All of these components are designed to perform some specific functionality for instance PAP deals with th
69. ttribute Value BESEL a b 3 The added Attribute is displayed under the Resource Attribute tab as shown in below figure Resource Attributes c 1 The third part of the Create Resource interface consists of the button to add more than one value for specific Attribute It is compulsory to select the required Attribute from the Resource Attributes before adding the values The warning message is displayed if none of the Resource Attributes are selected Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 21 National ICT R amp D Fund Resource Attribute Values No records found c 2 Once the button is clicked the following window appears on the screen containing the Attribute Value text box Enter the required value for Attribute and then click on Save button as shown in below figure Add Resource Attribute Value Attribute Value BESE 2 c 3 After saving the Attribute value the following two values are visible under the Resource Attribute Values tab as shown in below figure Resource Attributes Resource Attribute Values Lectures BESEL BESE 2 5 Now click on the Save button in the Create Resource interface to save the added Resource in database Extensible Access Control Framework for Clou
70. ttribute interface displays on the screen Enter the required name in the Attribute Name text box and click on Save button Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 13 National ICT R amp D Fund Update Subject Attribute Attribute Name Education 6 Similarly the values for Attribute can also be updated Right click on the name of the Attribute Value under Subject Attribute Value tab Now select the Update option from the dropdown list Subject Attribute Values MS S PHO Update Delete C 7 The following window appears Enter the new required value for Attribute and then click on Save button Update Subject Attribute Value Attribute Value MS MS 3 Delete Subject 1 Right click on the name of Subject in main Subject interface Select the Delete option from the dropdown list Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 14 National ICT R amp D Fund Subject Oeccriptian Wici for the Thairs Subat for the Stall 2 On selecting Delete a confirmation Dialog box appears click Yes to delete
71. ua BESE 2 string equal POF strng equal Word Documents No records found MT 3 Delete Target 1 In order to Delete any of the existing Target right click on that particular Target and select Delete from the menu Target Server Diron wa trom LMS Server UpGate Target Accesmg LMS Available Resources Available Actions Available Exrwonments streeg equal EESE t ining equal Delete string equal SESE 2 rng equa Delete No records found Ureg tqual FOF tinng equal Delete cirmg equal Word Documents Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 67 National ICT R amp D Fund 2 Click on Yes to confirm deletion in the confirmation Dialog box Confirmation x A Are you sure you want to delete 3 After the successful deletion of selected Target updated list of available Target attributes is displayed on the Target interface Target able to accest LMS Available Subjects Aveilable Environments No records foend No records found PC 2 Manage Condition In order to manage the Condition select the Condition from the main Policy Creation dropdown menu Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Is
72. y Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 42 National ICT R amp D Fund Acton Attributes Aton 06 Server LMS Adios 8 Confirm the deletion by selecting Yes in confirmation Dialog box Confirmation x A Are you sure you want to delete 9 The selected Attribute value is deleted as shown in below figure Action Attribute Value No records found SL 4 Manage Environment In this section we demonstrate how to create update and delete the Environment in System Learning phase Extensible Access Control Framework for Cloud based Applications KTH SEECS Applied Information Security Lab NUST SEECS H 12 Sector Islamabad Pakistan Tel 051 90852164 Fax 051 8317363 Website http ais seecs nust edu pk project 43 National ICT R amp D Fund ME 1 Create Environment 1 In order to create Environment select the Environment option from dropdown list as depicted below System leaming 2 After selecting the Environment option in previous step the following Environment interface is opened This interface further includes three main portions as highlighted with a b and c in the below figure laviroament Name No recorths foun Envlrorsent Anr dutes r Envelrorenent Attr ute Value No records toond No records ound a The upper portion of the Environment interface conta
Download Pdf Manuals
Related Search