A diagrammatic notation for modeling access control in tree-based data structures
MetadataVis full innførsel
This thesis describe two graphical modeling languages that can be used for specifying the access control setup in most systems that store information in a tree based structure. The Tree-based Access control Modeling Language (TACOMA) is the simplest language that is defined. It is easy to learn and use as it has only 8 symbols and two relations. With this language it is possible to define the exact access control rules for users using a graphical notation. The simplicity of the language do however come at a cost: it is best suited for small or medium sized tasks where the number of users and objects being controlled are limited. To solve the scalability problem a second language is also presented. The Policy Tree-based Access control Modeling Language (PTACOMA) is a policy based version of TACOMA that doubles the number of symbols and relations. While it is harder to learn it scales better to larger tasks. It also allows for distributed specification of access rules where administrators of different domains can be responsible for specifying their own access control rules. Domains can be organized in a hierarchical manner so that administrators on a higher level can create policies that have higher priority and therefor limits what administrators at lower levels can do. The thesis describes the two languages in detail and provides a comparison between them to show the strong and weak points of each language. There is also a detailed case study that shows how the two languages can be used for specifying access control in SNMPv3.