This paper describes DTEvisual, a visualization system that leverages Domain Type Enforcement (DTE) for access control education. Domain Type Enforcement (DTE) is a powerful abstraction for teaching students about policy complexity and application of the principle of least privilege, mandatory access control and modern models of access control. DTEvisual facilitates graphical depiction, construction, and modification of a DTE policy. It also allows isolation of selected portions of a depicted policy. Finally, a query subsystem identifies the set of files that can be accessed by a specified process under the depicted policy. We anticipate this tool will be useful for classroom presentations, homework assignments, and self-study. 1
To submit an update or takedown request for this paper, please submit an Update/Correction/Removal Request.