MACOW Ξ Mandatory Access Control on Open Worlds
PEP SDK Description
This entity is in charge of mediate the communication between the managed element and the
MACOW architecture. Additionally, it is also in charge of enforcing the decision stated by
PDP element. This entity should be different to each managed element on the architecture.
Thus, a development framework has been provided. This framework enables to developer to
implemented PEPs according to their management necessities. Notice that to control access
to a PC and to software it is so different and requires different PEP elements.
This PEP developer framework provided is composed of the following file structure:
(1) This folder contains all the library dependences for the correct usage of PEP framework.
(2) This folder contains some example of knowledge representation and access attempts saved on files. These files can be used to emulate managed elements as is further explained.
(3) This is the configuration file used on the framework in order to configuration the communications to PDP and PIP entities. This file provide the following configuration parameters:
|PDP_URL||http://localhost:9191/PDPServiceService?wsdl||This is the URL which PEP will used to find PDP server Web Service. Bold letters should be changed on production scenarios.|
|PUB_SUB_CONFIG_FILE_PATH||pubsubsConfig.xml||This is the path to the configuration file used to PEP-Event Manager communications.|
(4) This is the config file to manage the parameters related to the PEP-Event Manager communication. So, this is the meaning of all the parameters.
|HTTP_PORT||7878||This is the port that will be open on the server in order to receive notifications from Event Manager|
|URL_EVENT_MANAGER||http://127.0.0.1:8080/EventManager/servlet/rpcrouter||This parameter should point to the URL in which Event Manager has been deployed. (By default it is configured on localhost). Bold letters must be changed on production scenarios|
|URL_MYSELF||http://127.0.0.1:7878/servlet/rpcrouter|| This parameter represents the URL of the PDP Server. (By default it is configured on localhost). Bold letters must be changed on production scenarios|
|LIB_FOLDER||.\libs\ws-client\|| Notice that this parameters point to the libraries folder provided on the distribution. In case developer want to change the path. He have to adapt this parameter to the new one. |
|APPLICATION_WAR||.\libs\ws-client\em-receiver.jar||Notice that this parameters point to the libraries folder provided on the distribution. In case developer want to change the path. He have to adapt this parameter to the new one. |
There are more parameters but it should not be changed in order to get a correct behaviour on the server.
On the other hand, developer should provide a new class using PEPFacade class in order to provide a new PEP
implementation. The following methods are provided on PEPFacade to help this propose.
|void publishKnowledge(Model state)||This method will be used to publish the current state of the managed element. The parameter is a Jena model which will contain the representation of the managed elements (TBox) and the current state (ABox). This representation will be done by means of CIM ontology. |
|String requestAccess(String accessAttempt)||This method is used to ask PDP for the authorization of the given accessAttempt. This attempt will be modelled by means of CIM ontology.|
Additionally, before the usage of the methods provide on PEPFacade, developed have to configure
this facade. The way in which this issue is done is by means of the following line:
PEPConstants.loadProperties("./","PEPConfig.xml"); // path and filename of conf. file
This line will configure the PEPFacade to enable the usage of previous methods.
In order to clarify how developer should implement PEP, a default PEP implementation has
been provided. This implementation emulates a managed element by means of files. Thus,
this FilePEPFacade return a file that emulates the state of a managed element and ask for
the authorization of an attempt which is obtained from a file.
Thus, in case developer wants to emulate these actions. He can execute the following lines.
(1) To publish a managed element information provided by a file.
Java -cp ./PEP.jar; org.umu.macow.pep.test.PublishPEP
(2) To ask PDP for deciding about an access attempt provided by a file.
Java -cp ./PEP.jar; org.umu.macow.pep.test.RequestPEP