Access Road




Access Road is a universal simulator of access controls, intended to improve design and audit work in the IT security domain.

Many people have to deal with access controls, which are among the most complex parts of IT systems. Access Road takes up the challenge of being useful to IT people, security specialists, application administrators and auditors alike.

In the CSO Online article '8 Dirty Secrets of the IT Security Industry', Joshua Corman points out this dirty secret:

Dirty Secret 5: There is more to risk than weak software
Corman said the lion's share of the security market is focused on software vulnerabilities. But software represents only one of the three ways to be compromised, the other two being weak configurations and people. Unfortunately, he said, the latter two are far more dangerous risks than the big bad software security flaw of the week.

"While we need to find and patch vulnerabilities, we also must understand an organization is only as strong as its weakest link. More attention needs to be paid in mitigating the other two ways beyond software," Corman said.

To go further, see the document at right, “Why to simulate access controls?”.

Access Road is free software that aims to reduce these three ways of being compromised, with a focus on weak configurations. It supports:

  • the simulation of access controls in IT systems,
  • the checking of their compliance with the security policy,
  • their communication among the people involved,
  • the learning of these access controls.















Why to simulate access controls? (7 slides in PDF)

In the current beta 0.6 version, as an example of its capabilities, Access Road delivers the out-of-the-box simulation of two programs:

  • At the system level, Linux Ubuntu 8.04 access controls with the high-level directories of the file system, and a full Policy-Kit authorization system. This covers the User-Group-Other Linux rights including the rights inherited from the parents, some Linux kernel capabilities, and the Ubuntu authorizations on system resources (without the POSIX ACLs and the Netfilter firewall, which are planned for the next versions).
  • At the application level, a typical large application which follows the Role-Based Access Control model. This covers the hierarchy of roles, the application transactions, and the ACLs with granting and denying rights.


By design, the program models several types of objects and access controls. Access Road may be customized to simulate varied real systems: their structures, their behaviors, their objects and their rights. Two ways are proposed: through a smooth derivation from a current simulation, or through the direct typing of all the properties for the new simulation.

Access Road 0.6.0 is already able to simulate a certain variety of application software. The RBAC model is a good representative of application needs. For the other types of software (system software, network software, ...), the access control functions and the structure are often more complex, and every case has to be analyzed thoroughly. The next targets are MySQL and Apache.

The number of out-of-the-box simulations will grow in the future. Naturally, the current 0.6 version has a long way to go before being able to simulate the thousands of important software packages in IT systems. Our challenge is to hit the target in three years, to provide new validated simulations every quarter, and to provide, at each step, a workable and reliable tool.

The graphical user interface is versatile enough to support both simple and complex analyses. It lets the user work on a complex structure, or on the straight compliance with a security policy rule. It lets the user work on large texts and numerous properties which explain the details of a simulation, or on a diagram that conveys a result at a single glance.

If you do not like diagrams, texts will provide the full information you need! Otherwise, let's see some Access Road-generated diagrams:


Main window screenshot

Examples of general diagrams




This simple diagram shows the access path from the account ABY to the file F_JERRY. The arrow tells us ABY has the right 'ctrl' ('full control', in this context) via hidden intermediate nodes. The user has defined a second diagram with some of these hidden nodes. ABY and F_JERRY are still at the two ends of the paths:




The user may thus choose the level of detail at which to work. For each diagram, Access Road finds ALL the access paths continuously, searching through up to 40 hidden intermediate nodes if they exist.

Example of a diagram for checking the compliance




This view has a property 'No-More-Than right' which is equal to the right 'x' ('execute', in this context).

In the view, Access Road continuously checks whether ANY of the objects in the blue rectangle (only ABY, here) has rights on the top object (F_JERRY, here) which are GREATER than the right 'x'.

Since that is the case here, Access Road displays the threshold in red. This color tells the user: “ABY's rights do not fulfill the required criterion 'No-More-Than x'”.
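
The path search through hidden intermediate nodes and the 'No-More-Than' check described above can be sketched as follows. This is an added example, not Access Road code: the graph, the group and directory names, the account BOB, the right ordering (x < r < w < ctrl) and the rule that a path grants the weakest right found along it are all assumptions made for the illustration.

```python
# Added illustration, not Access Road code. The graph, the right ordering and
# the "weakest right along a path" rule are assumptions made for this sketch.
RANK = {"x": 1, "r": 2, "w": 3, "ctrl": 4}  # constructed ordering of rights
MAX_HIDDEN = 40                             # bound on hidden nodes quoted on the page

# Constructed model: node -> [(next node, right)]; None = membership, passes rights through
EDGES = {
    "ABY": [("G_DEV", None), ("G_GUEST", None)],
    "BOB": [("G_GUEST", None)],
    "G_DEV": [("D_HOME", "ctrl")],
    "G_GUEST": [("F_JERRY", "x")],
    "D_HOME": [("F_JERRY", "ctrl")],
}

def access_paths(src, dst, max_hidden=MAX_HIDDEN):
    """Return every simple path src -> dst as (nodes, effective right)."""
    found = []

    def walk(node, nodes, right):
        for nxt, edge_right in EDGES.get(node, []):
            if nxt in nodes:  # never revisit a node: simple paths only
                continue
            new_right = right
            if edge_right is not None and (right is None or RANK[edge_right] < RANK[right]):
                new_right = edge_right  # keep the weakest right met so far
            if nxt == dst:
                if new_right is not None:
                    found.append((nodes + [nxt], new_right))
            elif len(nodes) <= max_hidden:  # nxt would become one more hidden node
                walk(nxt, nodes + [nxt], new_right)

    walk(src, [src], None)
    return found

def no_more_than(subjects, target, limit):
    """Return {subject: strongest right} for every subject exceeding `limit`."""
    violations = {}
    for subject in subjects:
        rights = [right for _, right in access_paths(subject, target)]
        if rights:
            best = max(rights, key=RANK.get)
            if RANK[best] > RANK[limit]:
                violations[subject] = best
    return violations

if __name__ == "__main__":
    for nodes, right in access_paths("ABY", "F_JERRY"):
        print(" -> ".join(nodes), ":", right)
    print(no_more_than(["ABY", "BOB"], "F_JERRY", "x"))
```

In this constructed model ABY reaches F_JERRY both with 'x' and with 'ctrl', so the 'No-More-Than x' criterion fails for ABY, while BOB, who only has the 'x' path, passes.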

Simulated Linux rights are not only 'rwx' (see the open node in the tree at left)



How the access paths between entities are explained in a generated text



Example of the inherited rights for a Linux directory



Example of RBAC application groups and their rights on transactions

Access Road is a Java program running on a desktop computer. A 17" monitor is recommended. The program needs only a Java Runtime Environment, version 1.6.

All the code is original and copyrighted by ACCBEE. The code is licensed under the GNU GPL v3. ACCBEE is a French company created by Patrick Thazard, in 2008, to develop and promote this program.

The Access Road architecture and code may naturally be reused in other free software projects. There is a unique embedded, full-Java, object-oriented database management system, with strong data integrity handling. The GUI is based on a fresh object-oriented, multi-frame framework, using textual declarations of the base types to handle their creation, display and updating. There is a set of graphic components to display the diagrams, with an integrated layout manager.

Note: this 0.6 version saves the Access Road data in a temporary format, which will be replaced by a more stable one at the beginning of 2010. But this version is workable and reliable, and able to help the user in complex work.

Three 30-minute tutorials form the getting-started documentation, which is included in the Access Road program. The tutorials take a balanced approach, teaching both the Access Road platform and the handling of a simulation of a given software. Each tutorial covers one theme: learning, designing, and verifying the access controls with Access Road.




To download the latest version of Access Road, the sources and the Javadoc documentation on the Sourceforge site, click on its image at right:

ACCBEE delivers commercial support, training, development and consulting services to the Access Road users.

For any free help or information, contact:





All registered names are trademarks of their respective owners. Last modification of this page : December 2nd, 2009

Copyright © 2009 ACCBEE - All Rights Reserved