The Crudge RT0 Browser

Intro

Crudge is a browser for credentials implementing the RT0 logic used by ABAC. The credentials are visualized as a directed graph where principals and roles/attributes are nodes in the graph and credentials are edges. If a principal has an attribute (can act in a role) there is a path through the directed graph from principal to attribuet (role).

Crudge uses the same visualizations for roles that ​our description of ABAC for ​TIED uses. ​That description is a good starting point the visualiations and ABAC.

Crudge allows a user to visualize an ABAC proof or explore a policy. One can make queries against the policy and save all or parts of the policy. It can be used to create credentials and principals, that interoperate with the rest of ABAC. It can be used as a simple management interface for small systems using ABAC.

Running Crudge

Crudge is available as a webstart download. If you have java installed you should be able to run crudge by opening the URL http://abac.deterlab.net/java/crudge.jnlp. The various jar files are self-signed by the ISI ABAC team; if you're unwilling to trust self signed web start code you will have to download the jars separately and run them locally.

If you need java, you can get it at ​Oracle's Java site. A source repository will be available shortly.

Crudge makes use of the jabac library as well as the ​bouncycastle cryptographic libraries and ​Jung graph framework. All the relevant jar files are downloaded transparently from the webstart link above.

Using Crudge

This section describes navigating crudge. We describe the screens, how to manipulate credentials, and how to load and save credential sets. If everything seems intuitive to you, feel free to treat this reference as a tutorial.

Crudge Screens

When you first run crudge, you will be presented with a split screen like the one below.

The left side of the screen holds the worldviews. These are the views of credentials controlled by a given principal, and currently there is one worldview with all credentials visible. Because there are no credentials loaded, there are none displayed. The text entry box is used to restrict the view. When a principal name is entered, only those credentials controlled by that principal are shown. Multiple views can be shown simultaneously.

On the right is the results of the current query, which is used to test if a given principal has a given attribute/role. The role is entered in the left text box and the principal in the right. If the query is successful, the query success icon turns into a green smiling face; a failed query shows the red "X".

These details are summarized below.

Running A Query

To demonstrate running a query, load an example set of credentials from http://abac.deterlab.net/examples/rockets_intersection.zip . Select "Open a URL" from the File menu and type http://abac.deterlab.net/examples/rockets_intersection.zip into the dialog box and hit return. (You can also get the dialog box by typing Ctrl-U).

A set of credentials will appear layed out roughly as a tree. You will probably need to move the boxes around a bit to see the structure. You can move a vertex by putting the pointer on it, holding doen the left mouse button and dragging the box. You can pan around the space by putting the pointer on the background, holding the left button and dragging the whole frame. With a little moving you should see something like the image below.

If you enter Acme.buy_rockets in the leftmost query box and Coyote in the other and hit enter, you will see the following.

The query pane shows the similing face icon and the part of the graph containing the path from Coyote to Acme.buy_rockets. The credential graph encodes the idea that to buy rockets from Acme, a principal must be a preferred customer of Acme (the Acme.preferred_customer role) and be a WarnerBros character (the WarnerBros.character role). The Coyote meets both conditions, but Batman meets only one in this example.

To see that Batman cannot buy rockets enter Acme.buy_rockets in the leftmost query box and Coyote in the other and hit enter. You will see an empty query with the red "X".

While Batman cannot buy rockets, he is a preferred customer.

Working With Worldviews

Worldviews filter the role space to show what one principal would see or have to specify in a given scenario. Show how to apply worldviews to the example above. With the same example loaded, change the view layout to tabbed views by selecting "Tab Mode" under the View menu. In Tab Mode, either the current query or the views of the credentials are shown, and the tabs at the top can switch between them. After switching to tab mode, the screen looks like:

That's the single global view of the credentials. Add another view by choosing Add Worldview from the View menu (or hitting Ctrl-A), and the screen will split horizontally into two views. Type Acme into the text box on the lower view and you will see this:

The lower view shows only credentials controlled by the Acme principal. The red role depends on a role outside Acme's control (WarnerBros?.character), so in the Acme view, the derived (dotted) connection for the Coyote to the red role cannot be deduced.

Worldviews are simply filtered views of all the known credentials, and you may add as many as you need.

Editing Credential Graphs

Editing credential graphs is fairly straightforward. When editing, crudge created any missing but implied roles and principals, and credentials can be assigned by drawing arcs between nodes. For example, clear the current credentials by choosing "New" from the "File" menu, and then left click on the empty graph. A menu with an "Add Vertex entry will appear. If you enter "test.a & test.b" and hit enter, 4 nodes will appear in the graph (after a short wait).