|
The Access Road
software is a universal simulator of access controls that is
intended to improve design and auditing of IT security.
Access Road offers the
out-of-the-box simulations of GNU/Linux Ubuntu®,
MySQL Server®,
and a generic Role-Based-Access-Control application. As a
professional software, it is designed for database, system and
application administrators, IT architects, software developers
and auditors.
Access control
simulation is a new ground
technology, like there are ground notes in music. The
focus is on IT weak configurations, executing environments for
malware analysis, and people authorizations. Access Road
simulates and explains, combining complete modeling, visual
results and detailed texts, to promote new ways of working in
security:
to
simulate access controls, roles and authorizations in IT
systems,
to
check their
compliance with the security policy,
to
explain and to communicate
the results,
to
learn the access control functions, patterns and best practices.
Access
Road is a free, libre and open source software, licensed under
the GNU AGPL (Affero General Public License version 3).
Complementary modules would be available in a commercial version,
but Access Road delivers right now an efficient service. This is
a program based on Java/Swing, running on any desktop with a 17'
screen or more.
The
current 0.7 version integrates a framework for external add-ons.
It is easy to use and reliable, designed for both newbies and
people who are already experts.
It has an extended user documentation, including a glossary and
80 printable pages of tutorials.
|
Overview
Downloads
Features
Why
to simulate access controls
Why
Access Road is unique
|
An
example: how to simulate MySQL access controls
It
appears that most of the MySQL servers use only the basic types
of rights, probably because the other ones seem too complex.
Unfortunately, the database access controls may deliver features
it is not really possible to replace by access controls in other
software. Among a host of new generic features,
Access Road 0.7 delivers the simulation of the MySQL 5 Server
access controls. Designed
for the job at hand, Access Road provides the
simulation for:
the
MySQL server structure of your choice: the bases and all the
base components (tables, stored procedures, views, ...), the
users and the hosts,
the
MySQL privileges on this server, and their applications from the
top-level item, as global rights, to each elementary component
like a MySQL table column,
the
detection of all the access paths and all the effective rights,
from any MySQL user to any MySQL component of your choice.
You ask Access Road
for creating a MySQL server named 'mys'. You enter the names of
the bases and base components. You choose the privileges for the
components. Hey presto! Job done. It is like, before Access Road,
you would never see an overview of the MySQL access controls.
This screenshot shows
the view on the account 'jerry', and its rights on 3 targets: the
MySQL server, the base 'BASE one' and the table 'Customers
table'. To see a larger image, please right-click this screenshot
we comment hereinafter.
At
left is the 'explorer' where the MySQL server, named
'mys', displays its components in a tree. There is also, at the
bottom of the explorer tree, the Access Road view 'mys:: jerry'
which contains 4 components of 'mys'.
At
the center position, the Access Road view 'mys:: jerry'
is shown in two forms, (1) an
Access Road-generated
diagram where its 4 elements are visible,
including arrows to tell what are the rights between them (no
arrow means no right), and (2) an Access Road-generated
text describing all
these access paths and rights. This includes
the indirect paths, which are get through intermediate objects.
The user may study every simulation result, but he may also read
the diagram in one look.
At
right are the
properties of any element the explorer selects, that is the
'customers table' there. The medium list is about the sorted
MySQL rights statements, because in most of the cases, only the
first applicable statement at a given parent level is applicable
for a given grantee. Reading this list and its sorting, the user
understands the selection of rights by MySQL. This list does not
display the rights into a statement, and this is the role of the
bottom map. The selected key 'jerry@local%'
has a CREATE right.
If the user changes some
'jerry'
rights on 'BASE one', Access
Road updates on the fly both the properties at right, the central
diagram and the central text of the view
'mys:: jerry'. It is the same if
there are 20 open views. What it is displayed is always
consistent with the internal model.
Access Road simulates the MySQL
rights and explains them extensively. Other MySQL tools like
MySQL Workbench®,
or the script mysqlaccess®,
cannot provide such results. Among other limitations, they cannot
tell if a right statement for 'jerry@local%' overrides or not a
right statement for 'jerry@%'. Furthermore, they do not handle
the privileges at the bottom levels, like on a table or a column.
They cannot simulate the executing environment of a stored
procedure. On the other hand, MySQL Workbench®
offers useful features, like the configuration of the rights on a
server.
|
Overview
Downloads
Features
Why
to simulate access controls
Why
Access Road is unique
|
