I. Research & Engineering Projects

5. VisualPCD

Sep 2011 - Dec 2011

BUAA, Key Laboratory of Beijing Network Technology

Project Description: The project studied the information security requirements of the China Aero-Polytechnology Establishment and designed an XACML policy conflict detection system for multi-domain environments. Our system alerts on potential policy conflicts and helps improve the security of cross-domain operations.

Responsibility: I am the main coder in the development team, responsible for the policy integration and sub-graph matching modules.

Introduction: VisualPCD stands for Visual Policy Conflict Detection system. It parses XACML policy files and detects authorization conflicts between XACML policies. We built the user interface with the SonicUI library and parsed the XML with the CMarkup library. The policies extracted from the XACML files are described in ontology format, and we used the popular RacerPro engine to reason over the ontologies. By querying the ABox generated by the SWRL (Semantic Web Rule Language) rules, we obtain conflict details such as conflict type, conflict position and conflict reason. Finally, VisualPCD presents the conflict details in a conflict report, which serves as a guideline for network administrators to resolve the conflicts.
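To make the notion of an authorization conflict concrete, here is an added example (not VisualPCD's code): it compares rule targets pairwise instead of using the ontology and RacerPro reasoning described above. The two policies, their ids and attribute values are constructed, and each target section is simplified to a single match value in the XACML 2.0 namespace.

```python
import xml.etree.ElementTree as ET
from itertools import product

URI = "urn:oasis:names:tc:xacml:2.0:policy:schema:os"
NS = "{" + URI + "}"
ANY = None  # an omitted target section matches every request

def rule(rid, effect, **target):
    """Build one simplified rule; a missing Subject/Resource/Action means 'any'."""
    secs = "".join(
        f"<{k}s><{k}><{k}Match><AttributeValue>{v}</AttributeValue></{k}Match></{k}></{k}s>"
        for k, v in target.items())
    return f'<Rule RuleId="{rid}" Effect="{effect}"><Target>{secs}</Target></Rule>'

def policy(pid, *rules):
    return f'<Policy xmlns="{URI}" PolicyId="{pid}">{"".join(rules)}</Policy>'

# Constructed policies for two domains (not the project's PolicyFileA/B.xml).
POLICY_A = policy("DomainA",
    rule("A1", "Permit", Subject="engineer", Resource="design-doc", Action="read"),
    rule("A2", "Deny", Subject="contractor", Action="write"))
POLICY_B = policy("DomainB",
    rule("B1", "Deny", Subject="engineer", Resource="design-doc", Action="read"),
    rule("B2", "Permit", Subject="contractor", Resource="test-report", Action="write"),
    rule("B3", "Permit", Subject="auditor", Resource="design-doc", Action="read"))

def load_rules(xml_text):
    """Return (policy id, rule id, effect, target) for every rule in a policy."""
    root = ET.fromstring(xml_text)
    rules = []
    for r in root.iter(NS + "Rule"):
        target = {}
        for kind in ("Subject", "Resource", "Action"):
            path = f".//{NS}{kind}Match/{NS}AttributeValue"
            target[kind] = {v.text.strip() for v in r.findall(path)} or ANY
        rules.append((root.get("PolicyId"), r.get("RuleId"), r.get("Effect"), target))
    return rules

def overlaps(a, b):
    return a is ANY or b is ANY or bool(a & b)

def find_conflicts(xml_a, xml_b):
    """Pairs of rules with opposite effects whose targets can match one request."""
    found = []
    for a, b in product(load_rules(xml_a), load_rules(xml_b)):
        if a[2] != b[2] and all(overlaps(a[3][k], b[3][k]) for k in a[3]):
            found.append((f"{a[0]}/{a[1]}", f"{b[0]}/{b[1]}"))
    return found

if __name__ == "__main__":
    for left, right in find_conflicts(POLICY_A, POLICY_B):
        print(f"conflict: {left} <-> {right}")
```

Rule A2 omits its resource section, so it collides with B2 even though B2 names a specific resource; wildcard targets like this are easy to miss when two domains' policies are reviewed by hand.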

Languages used by VisualPCD are:
C/C++

Techniques used by VisualPCD are:
MFC for UI
SonicUI for UI
CxImage for UI
CMarkup for XML parsing
Winsock API for communications with RacerPro

Usage:
1) Execute VisualPCD.exe from the "Debug" directory. Click the top-left "Menu" button, then click the first option; the RacerPro engine will start.
2) Click the top-left "Menu" button, then click the second option, "打开策略文件1" (Open Policy File 1), and open a policy file such as "PolicyFileA.xml" in the "examples" directory; the first policy file will be opened.
3) Click the top-left "Menu" button, then click the third option, "打开策略文件2" (Open Policy File 2), and open a policy file such as "PolicyFileB.xml" in the "examples" directory; the second policy file will be opened.
4) Click the "Policy Files" button on the left of the main window, and the two policy files will be parsed and displayed in the "Content of Policy Files" window.
5) Click the "Conflict Detect" button on the bottom of the main window, and the conflict detection report can be seen in the "Policy Conflict Detection Report" window.
6) Click the "Conflict Graph" button on the right of the main window, and the policy graph can be shown in the "Policy Conflict Graph" window.

Useful links:
Download source from GitHub
https://github.com/hsluoyz/VisualPCD
SonicUI official website
http://www.oschina.net/p/sonicui
CxImage official website
https://sourceforge.net/projects/cximage
CMarkup official website
http://www.firstobject.com/dn_markup.htm
RacerPro official website
http://www.racer-systems.com

Pictures:



Fig.1. The Policy0 in file PolicyFileA.xml.





Fig.2. The quintuple corresponding to Policy0.





Fig.3. The ABox corresponding to Policy0.





Fig.4. The main window of VisualPCD.





Fig.5. The policy file parsing window of VisualPCD.





Fig.6. The policy conflict graph window of VisualPCD.





Fig.7. The policy conflict report window of VisualPCD.