
In [1]:
#!pip install prettytable matplotlib networkx

In [2]:
import importlib
import os
import textwrap

import matplotlib.pyplot as plt
import networkx as nx
from matplotlib.patches import Rectangle
from prettytable import PrettyTable

In [3]:
# 1. Access Control Matrix
def access_control_matrix():
    """Evaluate read access to one object for each subject of a fixed access control matrix.

    The matrix maps every subject (user) to the rights it holds on every
    object (file): 'r', 'w', 'rw', or '-' for no rights.  Only the read
    right on ``file2`` is checked in this demo.

    Returns:
        One verdict per subject, joined with "; ".
    """
    rights = {
        'alice': {'file1': 'rw', 'file2': 'r', 'file3': '-'},
        'bob': {'file1': 'r', 'file2': 'rw', 'file3': 'r'},
        'eve': {'file1': '-', 'file2': '-', 'file3': '-'},
    }
    target = 'file2'

    def verdict(subject):
        # The read right is represented by the letter 'r' in the rights string.
        allowed = 'r' in rights[subject][target]
        outcome = "can read" if allowed else "cannot read"
        return f"{subject.capitalize()} {outcome} {target}"

    return "; ".join(verdict(subject) for subject in ('alice', 'bob', 'eve'))

In [4]:
# 2. Linux Access Control
def linux_access_control():
    """Test the write bit of a Unix file mode for the owner, group and others classes.

    The mode is fixed at 0o644 (rw-r--r--).  Each demo user is mapped to a
    permission class and that class's write bit is tested with a bit mask.

    Returns:
        One verdict per user, joined with "; ".
    """
    mode = 0o644  # rw-r--r--
    action = 'write'
    # Permission class of each demo user; anyone not listed is "others".
    user_class = {'alice': 'owner', 'bob': 'group'}
    # Write bit of each class within the user/group/other triplets of the mode.
    write_bit = {'owner': 0o200, 'group': 0o020, 'others': 0o002}

    verdicts = []
    for user in ('alice', 'bob', 'eve'):
        cls = user_class.get(user, 'others')
        granted = bool(mode & write_bit[cls])
        verb = 'can' if granted else 'cannot'
        verdicts.append(f"{user.capitalize()} {verb} {action} the file")
    return "; ".join(verdicts)

In [5]:
# 3. Principle of Least Privilege
def principle_of_least_privilege():
    """Check whether each user's minimal privilege set contains the 'write' action.

    Users hold only the actions their task needs; a user lacking the action
    is reported as denied under least privilege.

    Returns:
        One verdict per user, joined with "; ".
    """
    granted = {
        'alice': {'read', 'write', 'execute', 'delete'},
        'bob': {'read', 'write'},
        'eve': {'read'},
    }
    action = 'write'
    allowed_msg = f"can perform {action} action"
    denied_msg = f"cannot perform {action} action (least privilege)"
    return "; ".join(
        f"{user.capitalize()} {allowed_msg if action in granted[user] else denied_msg}"
        for user in ('alice', 'bob', 'eve')
    )

In [6]:
# 4. Sandboxing
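def sandboxing():
    """Demonstrate an allowlist gate on module imports for each demo user.

    The original version executed a plain ``import os`` inside a ``try`` and
    expected ``ImportError``; in CPython that import always succeeds, so the
    demo reported "Sandboxing failed" for every user and never exercised the
    ``allowed_modules`` list.  Here the import goes through ``guarded_import``,
    which raises ``ImportError`` for any name not on the allowlist, so the
    restricted module is actually refused.

    This is a simulation of an allowlist check, not an isolation boundary:
    an in-process Python import cannot be blocked by a try/except, and real
    sandboxing relies on OS-level mechanisms (separate processes, namespaces,
    seccomp, containers).

    Returns:
        One verdict per user, joined with "; ".
    """
    allowed_modules = ('math', 'random')

    def guarded_import(name):
        # Only names on the allowlist reach the real importer.
        if name not in allowed_modules:
            raise ImportError(f"module {name!r} is not permitted inside the sandbox")
        return importlib.import_module(name)

    def restricted_function(user):
        try:
            guarded_import('os')
            return f"{user.capitalize()}: Sandboxing failed: Restricted module 'os' was imported"
        except ImportError:
            return f"{user.capitalize()}: Sandboxing successful: Restricted module 'os' was blocked"

    return "; ".join(restricted_function(user) for user in ['alice', 'bob', 'eve'])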

In [7]:
# 5. Role-Based Access Control (RBAC)
def role_based_access_control():
    """Decide whether each user may perform 'read_logs' based on the user's role.

    Permissions are attached to roles, and each user holds exactly one role;
    the decision is a membership test of the action in the role's permission list.

    Returns:
        One verdict per user, joined with "; ".
    """
    permissions_by_role = {
        'admin': ['create_user', 'delete_user', 'read_logs'],
        'manager': ['read_logs', 'generate_report'],
        'employee': ['generate_report'],
    }
    role_of = {'alice': 'admin', 'bob': 'manager', 'eve': 'employee'}
    action = 'read_logs'

    def describe(user):
        role = role_of[user]
        verb = 'can' if action in permissions_by_role[role] else 'cannot'
        return f"{user.capitalize()} (role: {role}) {verb} perform '{action}'"

    return "; ".join(map(describe, ('alice', 'bob', 'eve')))

In [8]:
# 6. Attribute-Based Access Control (ABAC)
def attribute_based_access_control():
    """Decide access to one resource from user attributes (department and clearance level).

    A user is granted access only when the department matches the resource's
    department and the clearance level is at least the required clearance.

    Returns:
        One verdict per user, joined with "; ".
    """
    subjects = {
        'alice': {'department': 'IT', 'clearance_level': 3},
        'bob': {'department': 'HR', 'clearance_level': 2},
        'eve': {'department': 'Marketing', 'clearance_level': 1},
    }
    resource = {
        'name': 'Financial Database',
        'department': 'IT',
        'required_clearance': 2,
    }

    def permitted(attrs):
        same_department = attrs['department'] == resource['department']
        cleared = attrs['clearance_level'] >= resource['required_clearance']
        return same_department and cleared

    lines = []
    for name, attrs in subjects.items():
        verb = "can" if permitted(attrs) else "cannot"
        lines.append(f"{name.capitalize()} {verb} access {resource['name']}")
    return "; ".join(lines)

In [9]:
def get_explanation(concept):
    """Return the one-line explanation for a named access-control concept.

    Args:
        concept: one of the six concept names used as table rows.

    Raises:
        KeyError: if ``concept`` is not a known concept.
    """
    entries = (
        ("Access Control Matrix", "Defines access rights for subjects (users) to objects (files)"),
        ("Linux Access Control", "Uses file permissions to control read/write/execute access"),
        ("Principle of Least Privilege", "Users are given minimum levels of access needed for their tasks"),
        ("Sandboxing", "Restricts the environment in which certain code can run"),
        ("Role-Based Access Control", "Access decisions are based on roles that users have"),
        ("Attribute-Based Access Control", "Access decisions based on attributes of users, resources, and environment"),
    )
    for name, text in entries:
        if name == concept:
            return text
    raise KeyError(concept)

In [10]:
def get_principle(concept):
    """Return the short design principle behind a named access-control concept.

    Args:
        concept: one of the six concept names used as table rows.

    Raises:
        KeyError: if ``concept`` is not a known concept.
    """
    entries = (
        ("Access Control Matrix", "Separation of privilege"),
        ("Linux Access Control", "Simplicity and uniformity"),
        ("Principle of Least Privilege", "Minimize potential damage"),
        ("Sandboxing", "Isolation and containment"),
        ("Role-Based Access Control", "Simplify administration"),
        ("Attribute-Based Access Control", "Fine-grained access control"),
    )
    for name, text in entries:
        if name == concept:
            return text
    raise KeyError(concept)

In [11]:
def plot_access_control_matrix():
    """Render the demo access control matrix as a grid of coloured cells and save it.

    Green cells hold at least one right, grey cells hold none ('-').  The
    figure is written by ``save_plot`` (defined elsewhere in this notebook).
    """
    rights = {
        'alice': {'file1': 'rw', 'file2': 'r', 'file3': '-'},
        'bob': {'file1': 'r', 'file2': 'rw', 'file3': 'r'},
        'eve': {'file1': '-', 'file2': '-', 'file3': '-'},
    }
    subjects = list(rights)
    objects = list(rights['alice'])

    fig, ax = plt.subplots(figsize=(10, 6))
    for row, subject in enumerate(subjects):
        for col, obj in enumerate(objects):
            entry = rights[subject][obj]
            fill_color = 'lightgray' if entry == '-' else 'lightgreen'
            ax.add_patch(Rectangle((col, row), 0.8, 0.8, fill=True, color=fill_color))
            ax.text(col + 0.4, row + 0.4, entry, ha='center', va='center')

    ax.set_xlim(-0.2, len(objects) - 0.2)
    ax.set_ylim(-0.2, len(subjects) - 0.2)
    ax.set_xticks(range(len(objects)))
    ax.set_yticks(range(len(subjects)))
    ax.set_xticklabels(objects)
    ax.set_yticklabels(subjects)
    ax.set_title("Access Control Matrix")
    plt.tight_layout()
    save_plot(fig, "access_control_matrix.png")

In [12]:
def plot_linux_access_control():
    """Draw a read/write/execute grid for owner, group and others and save it.

    The grid encodes mode rw-r--r-- (the same 0o644 used by
    ``linux_access_control``): green = granted, red = denied.  Written by
    ``save_plot`` (defined elsewhere in this notebook).
    """
    bits = {
        'owner': {'read': True, 'write': True, 'execute': False},
        'group': {'read': True, 'write': False, 'execute': False},
        'others': {'read': True, 'write': False, 'execute': False},
    }

    fig, ax = plt.subplots(figsize=(10, 6))
    ax.set_yticks(range(len(bits)))
    ax.set_yticklabels(bits.keys())

    for row, (who, perms) in enumerate(bits.items()):
        for col, (perm_name, granted) in enumerate(perms.items()):
            box = Rectangle((col, row - 0.4), 0.8, 0.8, fill=True,
                            color='green' if granted else 'red')
            ax.add_patch(box)
            # Single-letter label: R, W or X.
            ax.text(col + 0.4, row, perm_name[0].upper(), ha='center', va='center')

    ax.set_xlim(-0.5, 2.5)
    ax.set_ylim(-0.5, 2.5)
    ax.set_title("Linux Access Control (File Permissions)")
    ax.set_xlabel("Permissions (Read, Write, Execute)")
    plt.tight_layout()
    save_plot(fig, "linux_access_control.png")

In [13]:
def plot_principle_of_least_privilege():
    """Bar chart of how many privileges each role holds, annotated with the privilege names, then saved.

    NOTE(review): the roles here (admin/developer/user) differ from the users
    used by ``principle_of_least_privilege`` (alice/bob/eve) — confirm whether
    the two views are meant to agree.  Written by ``save_plot`` (defined
    elsewhere in this notebook).
    """
    role_privileges = {
        'admin': ['read', 'write', 'execute', 'delete'],
        'developer': ['read', 'write', 'execute'],
        'user': ['read'],
    }

    fig, ax = plt.subplots(figsize=(10, 6))
    ax.set_yticks(range(len(role_privileges)))
    ax.set_yticklabels(role_privileges.keys())

    for row, (role, privs) in enumerate(role_privileges.items()):
        count = len(privs)
        ax.barh(row, count, align='center', alpha=0.8)
        ax.text(count, row, ' '.join(privs), va='center')

    ax.set_xlabel("Number of Privileges")
    ax.set_title("Principle of Least Privilege")
    plt.tight_layout()
    save_plot(fig, "principle_of_least_privilege.png")

In [14]:
def plot_sandboxing():
    """Draw a schematic of a sandbox nested inside the main system and save it.

    Inside the sandbox, a green box marks allowed operations and a red box
    marks restricted ones.  Written by ``save_plot`` (defined elsewhere in
    this notebook).
    """
    fig, ax = plt.subplots(figsize=(10, 6))

    # (Rectangle kwargs, label position, label text, font size), drawn in this order.
    elements = [
        (dict(xy=(0, 0), width=8, height=6, fill=False), (4, 5.5), "Main System", 12),
        (dict(xy=(1, 1), width=6, height=4, fill=False, linestyle='--'), (4, 4.5), "Sandbox", 12),
        (dict(xy=(2, 2), width=2, height=2, fill=True, alpha=0.3, color='green'), (3, 3), "Allowed\nOperations", 10),
        (dict(xy=(5, 2), width=2, height=2, fill=True, alpha=0.3, color='red'), (6, 3), "Restricted\nOperations", 10),
    ]
    for box, (tx, ty), label, size in elements:
        ax.add_patch(Rectangle(**box))
        ax.text(tx, ty, label, ha='center', va='center', fontsize=size)

    ax.set_xlim(0, 8)
    ax.set_ylim(0, 6)
    ax.axis('off')
    ax.set_title("Sandboxing")
    plt.tight_layout()
    save_plot(fig, "sandboxing.png")

In [15]:
def plot_rbac():
    """Draw the user -> role -> permission graph of the RBAC demo and save it.

    Node colours: users light blue, roles light green, permissions light
    yellow.  ``spring_layout`` is called without a seed, so node positions
    vary between runs.  Written by ``save_plot`` (defined elsewhere in this
    notebook).
    """
    role_permissions = {
        'admin': ['create_user', 'delete_user', 'read_logs'],
        'manager': ['read_logs', 'generate_report'],
        'employee': ['generate_report'],
    }
    user_role = {'alice': 'admin', 'bob': 'manager', 'eve': 'employee'}

    graph = nx.Graph()
    for user, role in user_role.items():
        graph.add_edge(user, role)
        for perm in role_permissions[role]:
            graph.add_edge(role, perm)
    all_permissions = {perm for perms in role_permissions.values() for perm in perms}

    layout = nx.spring_layout(graph)
    fig, ax = plt.subplots(figsize=(12, 8))

    node_groups = [
        (user_role.keys(), 'lightblue', 500),
        (role_permissions.keys(), 'lightgreen', 700),
        (all_permissions, 'lightyellow', 600),
    ]
    for nodes, color, size in node_groups:
        nx.draw_networkx_nodes(graph, layout, nodelist=nodes, node_color=color, node_size=size, ax=ax)
    nx.draw_networkx_edges(graph, layout, ax=ax)
    nx.draw_networkx_labels(graph, layout, ax=ax)

    ax.set_title("Role-Based Access Control (RBAC)")
    plt.axis('off')
    plt.tight_layout()
    save_plot(fig, "rbac.png")

In [16]:
def plot_abac():
    """Draw users, their attributes, and resources with their requirements as one graph, then save it.

    Users connect to a department node and a "Clearance N" node; resources
    connect to the department and clearance they require, so a user who
    shares both neighbours with a resource satisfies its policy.

    NOTE(review): 'Financial Database' requires clearance 3 here but 2 in
    ``attribute_based_access_control`` — confirm which value is intended.
    ``spring_layout`` is unseeded, so positions vary between runs.  Written
    by ``save_plot`` (defined elsewhere in this notebook).
    """
    subjects = {
        'alice': {'department': 'IT', 'clearance_level': 3},
        'bob': {'department': 'HR', 'clearance_level': 2},
        'eve': {'department': 'Marketing', 'clearance_level': 1},
    }
    resource_policy = {
        'Financial Database': {'required_department': 'IT', 'required_clearance': 3},
        'Employee Records': {'required_department': 'HR', 'required_clearance': 2},
        'Marketing Materials': {'required_department': 'Marketing', 'required_clearance': 1},
    }

    graph = nx.Graph()
    for user, attrs in subjects.items():
        clearance_node = f"Clearance {attrs['clearance_level']}"
        graph.add_node(user, node_type='user')
        graph.add_node(attrs['department'], node_type='department')
        graph.add_node(clearance_node, node_type='clearance')
        graph.add_edge(user, attrs['department'])
        graph.add_edge(user, clearance_node)

    for resource, policy in resource_policy.items():
        graph.add_node(resource, node_type='resource')
        graph.add_edge(resource, policy['required_department'])
        graph.add_edge(resource, f"Clearance {policy['required_clearance']}")

    layout = nx.spring_layout(graph)
    fig, ax = plt.subplots(figsize=(12, 8))

    palette = {'user': 'lightblue', 'department': 'lightgreen', 'clearance': 'lightyellow', 'resource': 'lightpink'}
    for kind, color in palette.items():
        members = [name for name, data in graph.nodes(data=True) if data.get('node_type') == kind]
        nx.draw_networkx_nodes(graph, layout, nodelist=members, node_color=color, node_size=700, ax=ax)

    nx.draw_networkx_edges(graph, layout, ax=ax)
    nx.draw_networkx_labels(graph, layout, ax=ax)

    ax.set_title("Attribute-Based Access Control (ABAC)")
    plt.axis('off')
    plt.tight_layout()
    save_plot(fig, "abac.png")

In [17]:
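def save_table(table, filename="access_control_table.txt"):
    """Write the text rendering of ``table`` to ``filename`` and report where it went.

    The original message was a fixed placeholder that never named the file;
    it now prints the path actually written.

    Args:
        table: any object whose ``str()`` is the rendering to persist (a PrettyTable here).
        filename: output path; a relative path resolves against the current working directory.
    """
    with open(filename, "w", encoding="utf-8") as f:
        f.write(str(table))
    print(f"Table saved as {filename}")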

In [18]:
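def save_plot(fig, filename):
    """Save a matplotlib figure to ``filename`` at 300 dpi, close it, and report the path.

    The figure is closed after saving so the six figures produced by ``main``
    do not stay resident in the kernel.  The original message was a fixed
    placeholder; it now prints the path actually written.

    Args:
        fig: the matplotlib ``Figure`` to save.
        filename: output path passed straight to ``Figure.savefig``.
    """
    fig.savefig(filename, dpi=300, bbox_inches='tight')
    plt.close(fig)
    print(f"Plot saved as {filename}")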

In [19]:
def main():
    """Run every access-control demo, print and save the summary table, then save all plots.

    Each demo function returns a result string; the table pairs it with the
    concept's explanation and principle, wrapping every column to a fixed
    width.  All demo and plotting helpers are defined elsewhere in this notebook.
    """
    demos = (
        ("Access Control Matrix", access_control_matrix),
        ("Linux Access Control", linux_access_control),
        ("Principle of Least Privilege", principle_of_least_privilege),
        ("Sandboxing", sandboxing),
        ("Role-Based Access Control", role_based_access_control),
        ("Attribute-Based Access Control", attribute_based_access_control),
    )
    results = [(concept, run) for concept, run in ((name, demo()) for name, demo in demos)]

    column_width = 30

    def wrap(text):
        # Hard-wrap a cell so prettytable never has to truncate it.
        return "\n".join(textwrap.wrap(text, column_width))

    table = PrettyTable()
    table.field_names = ["Access Control Concept", "Result", "Explanation", "Principle"]
    table.max_width = column_width
    table.align = "l"
    table.hrules = 1  # rule between every row (prettytable's ALL)

    for concept, result in results:
        table.add_row([
            wrap(concept),
            wrap(result),
            wrap(get_explanation(concept)),
            wrap(get_principle(concept)),
        ])

    print(table)
    save_table(table)

    print("\nGenerating and saving visualizations:")
    for draw in (
        plot_access_control_matrix,
        plot_linux_access_control,
        plot_principle_of_least_privilege,
        plot_sandboxing,
        plot_rbac,
        plot_abac,
    ):
        draw()

In [20]:
# In a notebook kernel __name__ is "__main__", so this cell runs the whole demo
# (table plus six PNG files written to the current working directory).
if __name__ == "__main__":
    main()

+--------------------------------+--------------------------------+--------------------------------+-----------------------------+
| Access Control Concept         | Result                         | Explanation                    | Principle                   |
+--------------------------------+--------------------------------+--------------------------------+-----------------------------+
| Access Control Matrix          | Alice can read file2; Bob can  | Defines access rights for      | Separation of privilege     |
|                                | read file2; Eve cannot read    | subjects (users) to objects    |                             |
|                                | file2                          | (files)                        |                             |
+--------------------------------+--------------------------------+--------------------------------+-----------------------------+
| Linux Access Control           | Alice can write the file; Bob  | Uses file permi