MACOW Ξ Mandatory Access Control on Open Worlds

PEP SDK Description

This entity is in charge of mediate the communication between the managed element and the MACOW architecture. Additionally, it is also in charge of enforcing the decision stated by PDP element. This entity should be different to each managed element on the architecture. Thus, a development framework has been provided. This framework enables to developer to implemented PEPs according to their management necessities. Notice that to control access to a PC and to software it is so different and requires different PEP elements.

This PEP developer framework provided is composed of the following file structure:

(1) \libs\
(2) \simuls\
(3) PEPConfig.xml
(4) Pubsubs.xml
(5) PEP.jar

(1) This folder contains all the library dependences for the correct usage of PEP framework.

(2) This folder contains some example of knowledge representation and access attempts saved on files. These files can be used to emulate managed elements as is further explained.

(3) This is the configuration file used on the framework in order to configuration the communications to PDP and PIP entities. This file provide the following configuration parameters:

ParametersDefault valuesDescription
PDP_URLhttp://localhost:9191/PDPServiceService?wsdlThis is the URL which PEP will used to find PDP server Web Service. Bold letters should be changed on production scenarios.
PUB_SUB_CONFIG_FILE_PATHpubsubsConfig.xmlThis is the path to the configuration file used to PEP-Event Manager communications.
PDP_SERVICENAMEPDPServiceServiceFixed
PDP_NAMESPACEhttp://pdp.macow.umu.org/Fixed

(4) This is the config file to manage the parameters related to the PEP-Event Manager communication. So, this is the meaning of all the parameters.

ParameterDefault ValueDescription
HTTP_PORT7878This is the port that will be open on the server in order to receive notifications from Event Manager
URL_EVENT_MANAGERhttp://127.0.0.1:8080/EventManager/servlet/rpcrouterThis parameter should point to the URL in which Event Manager has been deployed. (By default it is configured on localhost). Bold letters must be changed on production scenarios
URL_MYSELFhttp://127.0.0.1:7878/servlet/rpcrouter This parameter represents the URL of the PDP Server. (By default it is configured on localhost). Bold letters must be changed on production scenarios
LIB_FOLDER.\libs\ws-client\ Notice that this parameters point to the libraries folder provided on the distribution. In case developer want to change the path. He have to adapt this parameter to the new one.
APPLICATION_WAR.\libs\ws-client\em-receiver.jarNotice that this parameters point to the libraries folder provided on the distribution. In case developer want to change the path. He have to adapt this parameter to the new one.

There are more parameters but it should not be changed in order to get a correct behaviour on the server.

On the other hand, developer should provide a new class using PEPFacade class in order to provide a new PEP implementation. The following methods are provided on PEPFacade to help this propose.

MethodDescription
void publishKnowledge(Model state)This method will be used to publish the current state of the managed element. The parameter is a Jena model which will contain the representation of the managed elements (TBox) and the current state (ABox). This representation will be done by means of CIM ontology.
String requestAccess(String accessAttempt)This method is used to ask PDP for the authorization of the given accessAttempt. This attempt will be modelled by means of CIM ontology.

Additionally, before the usage of the methods provide on PEPFacade, developed have to configure this facade. The way in which this issue is done is by means of the following line:

PEPConstants.loadProperties("./","PEPConfig.xml"); // path and filename of conf. file

This line will configure the PEPFacade to enable the usage of previous methods.

In order to clarify how developer should implement PEP, a default PEP implementation has been provided. This implementation emulates a managed element by means of files. Thus, this FilePEPFacade return a file that emulates the state of a managed element and ask for the authorization of an attempt which is obtained from a file.

Thus, in case developer wants to emulate these actions. He can execute the following lines.

(1) To publish a managed element information provided by a file.

Java -cp ./PEP.jar; org.umu.macow.pep.test.PublishPEP

(2) To ask PDP for deciding about an access attempt provided by a file.

Java -cp ./PEP.jar; org.umu.macow.pep.test.RequestPEP