Access Road

Simulating the access controls
in IT systems


The Access Road software is a universal simulator of access controls that is intended to improve design and auditing of IT security.

Access Road offers the out-of-the-box simulations of GNU/Linux Ubuntu®, MySQL Server®, and a generic Role-Based-Access-Control application. As a professional software, it is designed for database, system and application administrators, IT architects, software developers and auditors.

Access control simulation is a new ground technology, like there are ground notes in music. The focus is on IT weak configurations, executing environments for malware analysis, and people authorizations. Access Road simulates and explains, combining complete modeling, visual results and detailed texts, to promote new ways of working in security:

  • to simulate access controls, roles and authorizations in IT systems,

  • to check their compliance with the security policy,

  • to explain and to communicate the results,

  • to learn the access control functions, patterns and best practices.

Access Road is a free, libre and open source software, licensed under the GNU AGPL (Affero General Public License version 3). Complementary modules would be available in a commercial version, but Access Road delivers right now an efficient service. This is a program based on Java/Swing, running on any desktop with a 17' screen or more.

The current 0.7 version integrates a framework for external add-ons. It is easy to use and reliable, designed for both newbies and people who are already experts. It has an extended user documentation, including a glossary and 80 printable pages of tutorials.





Overview

Downloads

Features

Why to simulate access controls

Why Access Road is unique


An example: how to simulate MySQL access controls

It appears that most of the MySQL servers use only the basic types of rights, probably because the other ones seem too complex. Unfortunately, the database access controls may deliver features it is not really possible to replace by access controls in other software. Among a host of new generic features, Access Road 0.7 delivers the simulation of the MySQL 5 Server access controls. Designed for the job at hand, Access Road provides the simulation for:

  • the MySQL server structure of your choice: the bases and all the base components (tables, stored procedures, views, ...), the users and the hosts,

  • the MySQL privileges on this server, and their applications from the top-level item, as global rights, to each elementary component like a MySQL table column,

  • the detection of all the access paths and all the effective rights, from any MySQL user to any MySQL component of your choice.

You ask Access Road for creating a MySQL server named 'mys'. You enter the names of the bases and base components. You choose the privileges for the components. Hey presto! Job done. It is like, before Access Road, you would never see an overview of the MySQL access controls.

This screenshot shows the view on the account 'jerry', and its rights on 3 targets: the MySQL server, the base 'BASE one' and the table 'Customers table'. To see a larger image, please right-click this screenshot we comment hereinafter.


  • At left is the 'explorer' where the MySQL server, named 'mys', displays its components in a tree. There is also, at the bottom of the explorer tree, the Access Road view 'mys:: jerry' which contains 4 components of 'mys'.

  • At the center position, the Access Road view 'mys:: jerry' is shown in two forms, (1) an Access Road-generated diagram where its 4 elements are visible, including arrows to tell what are the rights between them (no arrow means no right), and (2) an Access Road-generated text describing all these access paths and rights. This includes the indirect paths, which are get through intermediate objects. The user may study every simulation result, but he may also read the diagram in one look.

  • At right are the properties of any element the explorer selects, that is the 'customers table' there. The medium list is about the sorted MySQL rights statements, because in most of the cases, only the first applicable statement at a given parent level is applicable for a given grantee. Reading this list and its sorting, the user understands the selection of rights by MySQL. This list does not display the rights into a statement, and this is the role of the bottom map. The selected key 'jerry@local%' has a CREATE right.

If the user changes some 'jerry' rights on 'BASE one', Access Road updates on the fly both the properties at right, the central diagram and the central text of the view 'mys:: jerry'. It is the same if there are 20 open views. What it is displayed is always consistent with the internal model.

Access Road simulates the MySQL rights and explains them extensively. Other MySQL tools like MySQL Workbench®, or the script mysqlaccess®, cannot provide such results. Among other limitations, they cannot tell if a right statement for 'jerry@local%' overrides or not a right statement for 'jerry@%'. Furthermore, they do not handle the privileges at the bottom levels, like on a table or a column. They cannot simulate the executing environment of a stored procedure. On the other hand, MySQL Workbench® offers useful features, like the configuration of the rights on a server.

















Overview

Downloads

Features

Why to simulate access controls

Why Access Road is unique






















Get Access Road

To download the current Access Road 0.7.3 free software and its user documentation, let's go to Sourceforge. A second file ending with '-src' contains the source code and the extended Javadoc documentation, including an overview of the design.






Overview

Downloads

Features

Why to simulate access controls

Why Access Road is unique


®All trademarks are property of their respective holders. Copyright ACCBEE – 02 June 2013