VisABAC: A Tool for Visualising ABAC Policies

Authoring and editing access control policy can be a complex and cognitive demanding task, especially when dealing with a large number of rules and attributes. Visualisation techniques are known to be helpful to users analysing intricate data, and can, in some contexts, help decreasing the cognitive load. In this paper, we propose a new tool, VisABAC, which enables the visualisation of attribute based access control policies using the Circle Packing method. We used a participatory design, following a survey of existing visualisation methods in access control. VisABAC is designed as a web-page component, developed in Javascript using the D3.js library, and as such is easily usable without requiring any particular setup. In addition to presenting VisABAC, we demonstrate its usability by conducting a controlled experiment with 32 participants, asking them to change some attribute values in order to obtain a given decision for a policy, and measuring the time taken by participants to conduct these tasks (the faster, the better). We show a small to medium effect size (d = 0.44), thus indicating that VisABAC is a promising tool for authoring and editing access control policies.

• Publication year

  2018

• Venue

  International Conference on Information Systems Security and Privacy

• Publication date

  Unknown publication date

• Fields of study

  Computer Science

• Identifiers
  DOI 10.5220/0006647401170126
• External record

  Open on Semantic Scholar

• Source metadata

  Semantic Scholar

• No claims are published for this paper.

• No concepts are published for this paper.

• Access Control Systems

  2021cited by this paper
• Protection

  2018cited by this paper
• ViSPE: A Graphical Policy Editor for XACML

  2015influential reference
• Access control with non-deterministic and probabilistic attribute retrieval

  2015influential reference
• The Effect of Providing Visualizations in Privacy Policies on Trust in Data Privacy and Security

  2014cited by this paper
• Foundations for Designing User-Centered Systems

  2014cited by this paper
• Reduction of access control decisions

  2014cited by this paper
• Usability Engineering

  2014cited by this paper
• Visualization framework for inter-domain access control policy integration

  2013cited by this paper
• Graph-based XACML evaluation

  2012cited by this paper
• Visualization Analysis of Multi-Domain Access Control Policy Integration Based on Tree-Maps and Semantic Substrates

  2012influential reference
• Detecting and resolving policy misconfigurations in access-control systems

  2011cited by this paper
• Managing the Human Factor in Information Security: How to Win Over Staff and Influence Business Managers

  2010cited by this paper
• Toward Visualizing Potential Policy Conflicts in eXtensible Access Control Markup Language (XACML)

  2009cited by this paper
• The effects of introspection on creating privacy policy

  2009cited by this paper
• The next 700 access control models or a unifying meta-model?

  2009influential reference
• Visualization for Access Control Policy Analysis Results Using Multi-level Grids

  2009cited by this paper
• ExPDT: Ein Policy-basierter Ansatz zur Automatisierung von Compliance

  2008cited by this paper
• Access Control Policy Analysis and Visualization Tools for Security Professionals

  2008cited by this paper
• Logic-Based Access Control Policy Specification and Management

  2007cited by this paper
• Visualization of large hierarchical data by circle packing

  2006influential reference
• Field studies of computer system administrators: analysis of system management tools and practices

  2004cited by this paper
• EXtensible Access Control Markup Language (XACML) version 1

  2003cited by this paper
• Enterprise Privacy Authorization Language

  2003cited by this paper
• Readings in information visualization - using vision to think

  1999influential reference
• Measuring usability: preference vs. performance

  1994cited by this paper
• Navigating large networks with hierarchies

  1993cited by this paper
• Tree-maps: a space-filling approach to the visualization of hierarchical information structures

  1991cited by this paper
• Miró: Visual Specification of Security

  1990influential reference

• Vision: "AccessFormer": Feedback-Driven Access Control Policy Generation Framework

  2024cites this paper
• SoK: Access Control Policy Generation from High-level Natural Language Requirements

  2023influential citation
• Evaluating the effects of access control policies within NoSQL systems

  2021cites this paper
• Contributing to Current Challenges in Identity and Access Management with Visual Analytics

  2019cites this paper
• An interactive retrieval system for clinical trial studies with context-dependent protocol elements

  2019cites this paper
• On Building a Visualisation Tool for Access Control Policies

  2018cites this paper