This repository contains the ABAC, policies, context handlers and experiments implementation for the Acute Care Attribute-based Access Control (AC-ABAC).
The policies/ folder contains the rules and policies in XACML that were designed and developed for AC-ABAC. To disable a policy add the --OFF, to enable a policy remove the --OFF (This can be done with the docker-compose running). By default all the policies are enabled.
Disabling a policy.
mv policy.xml policy.xml--OFFEnabling a policy.
mv policy.xml--OFF policy.xmlThe first step to be able to test the policies is to install and run the Docker. The docker-compose file in this repo contains all the necessary ABAC services, a REST API to provide contextual attributes and web applications to test the requests. Moreover we use Keycloak and Netflix Zuul proxy to connect every component and protect the web applications endpoints.
1 - Change the EXTERNAL_IP in .env file. Run the command bellow and find your IP.
ifconfig -a2 - Docker build and up
docker-compose build
docker-compose up3 - The default is scenario 1 where every READ(GET) request is permitted. You should be able now to access django default page in http://IP_EXTERNAL/rest/acute-care-demo/call-centre. Login with username 'user1' and password 'user1'.
4 - Stop docker after tests
docker-compose down -vTo evaluate the correctness of each policy, scenarios were created where we change the values on PIP database.
The scripts to evaluate the correctness of each policy can be found in the access-simulations/ folder.
Before running each scenarios' script, the prototype must be updated with the attributes for each scenario.
cd PIP_REST_API
python3 manage.py shell < SCENARIO_N.pyThen reset the container and run
cd access-simulations
python3 simulation-scenario-N.py #sequencial requests
python3 parallel-simulation.py #parallel requestsPull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.
Please make sure to update tests/simulations as appropriate.