research-article

RBACvisual: A Visualization Tool for Teaching Access Control using Role-based Access Control

Authors:

Chaoli WangAuthors Info & Claims

ITiCSE '15: Proceedings of the 2015 ACM Conference on Innovation and Technology in Computer Science Education

Pages 141 - 146

https://doi.org/10.1145/2729094.2742627

Published: 22 June 2015 Publication History

Get Access

Abstract

This paper presents RBACvisual, a user-level visualization tool designed to facilitate the study and teaching of the role-based access control (RBAC) model, which has been widely used in companies to restrict access to authorized users. RBACvisual provides two graphical abstractions of the underlying specification. Policies can be input and modified graphically or using text-based files. Students can use an embedded Query system to answer commonly asked questions and to test their understanding of a given policy. A Practice subsystem is also provided for instructors to assign quizzes to students; the answers can be sent to the instructor via email. We also present the results of an evaluation of RBACvisual within a senior-level course on information security. The student feedback was positive and indicated that RBACvisual helped students understand the model and enhanced the course.

References

[1]

J. R. Crandall, S. L. Gerhart, and J. G. Hogle. Driving Home the Buffer Overflow Problem: A Training Module for Programmers and Managers. In Proceedings of National Colloquium for Information Systems Security Education, 2002.

Google Scholar

[2]

J. C. F. de Winter. Using the Student's t-test with Extremely Small Sample Sizes. Practical Assessment, Research & Evaluation, 18(10):1--12, 2013.

Google Scholar

[3]

D. Ebeling and R. Santos. Public Key Infrastructure Visualization. The Journal of Computing Sciences in Colleges, 23(1):247--254, 2007.

Digital Library

Google Scholar

[4]

D. Ferraiolo and R. Kuhn. Role-Based Access Control. In Proceedings of NIST-NCSC National Computer Security Conference, pages 554--563, 1992.

Google Scholar

[5]

D. F. Ferraiolo, R. Sandhu, S. Gavrila, D. R. Kuhn, and R. Chandramouli. Proposed NIST Standard for Role-based Access Control. ACM Transactions on Information and System Security, 4(3):224--274, 2001.

Digital Library

Google Scholar

[6]

S. Hallyn and P. Kearns. Tools to Administer Domain and Type Enforcement. In Proceedings of USENIX Conference on System Administration, pages 151--156, 2001.

Digital Library

Google Scholar

[7]

R. S. Sandhu, E. J. Coyne, H. L. Feinstein, and C. E. Youman. Role-Based Access Control Models. IEEE Computer, 29(2):38--47, 1996.

Digital Library

Google Scholar

[8]

D. Schweitzer and W. Brown. Using Visualization To Teach Security. The Journal of Computing Sciences in Colleges, 24(5):143--150, 2009.

Digital Library

Google Scholar

[9]

D. Schweitzer, M. Collins, and L. Baird. A Visual Approach To Teaching Formal Access Models In Security. In Proceedings of National Colloquium for Information Systems Security Education, 2007.

Google Scholar

[10]

J. Tao, J. Ma, M. Keranen, J. Mayo, and C.-K. Shene. ECvisual: A Visualization Tool for Elliptic Curve Based Ciphers. In Proceedings of ACM Technical Symposium on Computer Science Education, pages 571--576, 2012.

Digital Library

Google Scholar

[11]

J. Tao, J. Ma, J. Mayo, C.-K. Shene, and M. Keranen. DESvisual: A Visualization Tool for the DES Cipher. The Journal of Computing Sciences in Colleges, 27(1):81--89, 2011.

Digital Library

Google Scholar

Cited By

View all

Fernandez RCheng PNhlabatsi AKhan KFetais N(2023)Effective Collaboration in the Management of Access Control Policies: A Survey of ToolsIEEE Access10.1109/ACCESS.2023.324286311(13929-13947)Online publication date: 2023
https://doi.org/10.1109/ACCESS.2023.3242863
Burska KRusnak VOslejsek R(2021)Enhancing Situational Awareness for Tutors of Cybersecurity Capture the Flag Games2021 25th International Conference Information Visualisation (IV)10.1109/IV53921.2021.00045(235-242)Online publication date: Jul-2021
https://doi.org/10.1109/IV53921.2021.00045
Švábenský VVykopal JČeleda PZhang JSherriff MHeckman SCutter PMonge A(2020)What Are Cybersecurity Education Papers About?Proceedings of the 51st ACM Technical Symposium on Computer Science Education10.1145/3328778.3366816(2-8)Online publication date: 26-Feb-2020
https://dl.acm.org/doi/10.1145/3328778.3366816
Show More Cited By

Index Terms

RBACvisual: A Visualization Tool for Teaching Access Control using Role-based Access Control
1. Social and professional topics
  1. Professional topics
    1. Computing education
      1. Computing education programs
        Computer science education
        Information systems education

Recommendations

UNIXvisual: A Visualization Tool for Teaching UNIX Permissions
ITiCSE '17: Proceedings of the 2017 ACM Conference on Innovation and Technology in Computer Science Education

UNIXvisual is a user-level visualization tool designed to facilitate the study and teaching of access control in UNIX. UNIXvisual is aimed at both novice users, who need only to control access to their own files, and students of computer security, who ...
MLSvisual: a visualization tool for teaching access control using multi-level security
ITiCSE '14: Proceedings of the 2014 conference on Innovation & technology in computer science education

Information security continues to be a pressing issue for industry and government. Perhaps the two most fundamental mechanisms for controlling access to information are cryptography and access control systems. This paper presents MLSvisual, a tool that ...
UNIXvisual: A Visualization Tool for Teaching the UNIX Permission Model
ITiCSE '16: Proceedings of the 2016 ACM Conference on Innovation and Technology in Computer Science Education

This paper describes UNIXvisual, which helps students learn access control in UNIX. UNIXvisual is aimed both at novice users, who need only to control access to their own files, and students of computer security, who need a deeper and more comprehensive ...

Comments

Information & Contributors

Information

Published In

ITiCSE '15: Proceedings of the 2015 ACM Conference on Innovation and Technology in Computer Science Education

June 2015

370 pages

ISBN:9781450334402

DOI:10.1145/2729094

Conference Chair:
Valentina Dagienė
Vilnius University, Lithuania
,
Program Chairs:
Carsten Schulte
Berlin Freie University, Germany
,
Tatjana Jevsikova
Vilnius University, Lithuania

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 22 June 2015

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

National Science Foundation

Conference

ITICSE '15

Sponsor:

Bilkent University
SIGCSE

ITICSE '15: Innovation and Technology in Computer Science Education Conference 2015

July 4 - 8, 2015

Vilnius, Lithuania

Acceptance Rates

ITiCSE '15 Paper Acceptance Rate 54 of 124 submissions, 44%;

Overall Acceptance Rate 552 of 1,613 submissions, 34%

Upcoming Conference

ITiCSE '25

Sponsor:
sigcse

Innovation and Technology in Computer Science Education

June 27 - July 2, 2025

Nijmegen , Netherlands

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

6
Total Citations
View Citations
214
Total Downloads

Downloads (Last 12 months)32
Downloads (Last 6 weeks)6

Reflects downloads up to 07 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Fernandez RCheng PNhlabatsi AKhan KFetais N(2023)Effective Collaboration in the Management of Access Control Policies: A Survey of ToolsIEEE Access10.1109/ACCESS.2023.324286311(13929-13947)Online publication date: 2023
https://doi.org/10.1109/ACCESS.2023.3242863
Burska KRusnak VOslejsek R(2021)Enhancing Situational Awareness for Tutors of Cybersecurity Capture the Flag Games2021 25th International Conference Information Visualisation (IV)10.1109/IV53921.2021.00045(235-242)Online publication date: Jul-2021
https://doi.org/10.1109/IV53921.2021.00045
Švábenský VVykopal JČeleda PZhang JSherriff MHeckman SCutter PMonge A(2020)What Are Cybersecurity Education Papers About?Proceedings of the 51st ACM Technical Symposium on Computer Science Education10.1145/3328778.3366816(2-8)Online publication date: 26-Feb-2020
https://dl.acm.org/doi/10.1145/3328778.3366816
Kolomeets MChechulin AKotenko ISaenko I(2019)Access Control Visualization Using Triangular Matrices2019 27th Euromicro International Conference on Parallel, Distributed and Network-Based Processing (PDP)10.1109/EMPDP.2019.8671578(348-355)Online publication date: Feb-2019
https://doi.org/10.1109/EMPDP.2019.8671578
Eng KSerrano DStroulia EJaremko JOnut IPetriu DChen W(2018)(Semi)automatic construction of access-controlled web data servicesProceedings of the 28th Annual International Conference on Computer Science and Software Engineering10.5555/3291291.3291300(72-80)Online publication date: 29-Oct-2018
https://dl.acm.org/doi/10.5555/3291291.3291300
Carr SMayo J(2016)Workshop on teaching modern models of access control hands-onJournal of Computing Sciences in Colleges10.5555/3007225.300723232:1(35-36)Online publication date: 1-Oct-2016
https://dl.acm.org/doi/10.5555/3007225.3007232

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

References

Cited By

Index Terms

Recommendations

UNIXvisual: A Visualization Tool for Teaching UNIX Permissions

MLSvisual: a visualization tool for teaching access control using multi-level security

UNIXvisual: A Visualization Tool for Teaching the UNIX Permission Model

Comments

Information

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Funding Sources

Conference

Acceptance Rates

Upcoming Conference

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations