Version 5 (modified by faber, 8 years ago) (diff)


The Crudge RT0 Browser


Crudge is a browser for credentials implementing the RT0 logic used by ABAC. The credentials are visualized as a directed graph where principals and roles/attributes are nodes in the graph and credentials are edges. If a principal has an attribute (can act in a role) there is a path through the directed graph from principal to attribuet (role).

Crudge uses the same visualizations for roles that our description of ABAC for TIED uses. That description is a good starting point the visualiations and ABAC.

Crudge allows a user to visualize an ABAC proof or explore a policy. One can make queries against the policy and save all or parts of the policy. It can be used to create credentials and principals, that interoperate with the rest of ABAC. It can be used as a simple management interface for small systems using ABAC.

Running Crudge

Crudge is available as a webstart download. If you have java installed you should be able to run crudge by opening the URL The various jar files are self-signed by the ISI ABAC team; if you're unwilling to trust self signed web start code you will have to download the jars separately and run them locally.

If you need java, you can get it at Oracle's Java site. A source repository will be available shortly.

Crudge makes use of the jabac library as well as the bouncycastle cryptographic libraries and Jung graph framework. All the relevant jar files are downloaded transparently from the webstart link above.

Using Crudge

This section describes navigating crudge. We describe the screens, how to manipulate credentials, and how to load and save credential sets. If everything seems intuitive to you, feel free to treat this reference as a tutorial.

Crudge Screens

When you first run crudge, you will be presented with a split screen like the one below.

initial screen

The left side of the screen holds the worldviews. These are the views of credentials controlled by a given principal, and currently there is one worldview with all credentials visible. Because there are no credentials loaded, there are none displayed. The text entry box is used to restrict the view. When a principal name is entered, only those credentials controlled by that principal are shown. Multiple views can be shown simultaneously.

On the right is the results of the current query, which is used to test if a given principal has a given attribute/role. The role is entered in the left text box and the principal in the right. If the query is successful, the query success icon turns into a green smiling face; a failed query shows the red "X".

Attachments (12)

Download all attachments as: .zip