Skip to content

Latest commit

 

History

History
146 lines (121 loc) · 4.86 KB

README.md

File metadata and controls

146 lines (121 loc) · 4.86 KB

LUCON Editor Plugin for Eclipse

This repository belongs to and features a technology developed for the Trusted Connector.

IMPORTANT: Active development of this tool has stopped several years ago. It serves solely as reference for people interested in LUCON. This repository WILL NOT be actively maintained or receive support of any kind.


This is the XTexT framework for the LUCON (Logic-based Usage Control) policy language. It includes the following eclipse projects:

  • de.fhg.aisec.lucon (Main project)
  • de.fhg.aisec.lucon.feature (Definition of installable Eclipse feature AUTO-GENERATED)
  • de.fhg.aisec.lucon.ide (Support for Eclipse feature - Content Assists, etc. AUTO-GENERATED)
  • de.fhg.aisec.lucon.repository (P2 repository for an Eclipse update site. AUTO-GENERATED)
  • de.fhg.aisec.lucon.target (An Eclipse "product" target, to create an Eclipse-based standalone IDE. AUTO-GENERATED)
  • de.fhg.aisec.lucon.tests (JUnit test cases.)
  • de.fhg.aisec.lucon.ui (Eclipse code editor with syntax highlighting and validation of Lucon policies. AUTO-GENERATED)
  • de.fhg.aisec.lucon.ui.tests (JUnit test cases for ui project. AUTO-GENERATED)
  • de.fhg.aisec.lucon.web (A web-based editor for Lucon policies with syntax highlighting)

Projects marked with AUTO-GENERATED are merely created by the XText assistants and contain no further implementation.

de.fhg.aisec.lucon is the main project containing the grammar definition (LUCON.xtext) and the Prolog code generator (LUCONGenerator.xtend).

A LUCON policy looks as follows:

service {
	id anonymizer

	// Defines the endpoints for which this service description applies
	endpoint regex(".*anonymizer.*")

	// Properties describe the service's behavior. This one blinds fields "surname" and "name"
	properties
			myProp : "anonymize('surname', 'name')"

	// Transformation of labels
	removes_label personal, privates
	creates_label anonymized
}

/**
 * Data from HiveMQ MQTT Broker is marked as public sensor data
 */
service {
	id hiveMqttBroker
	endpoint regex("^paho:.*?tcp://broker.hivemq.com:1883.*")
	properties type: "public"
	creates_label public_data, sensor_data
}

/**
 * ActiveMQ test queue
 */
service {
	id testQueue
	endpoint regex("^amqp:.*?:test")
}


service {
	id hadoopClusters

	// Defines the endpoints for which this service description applies
	endpoint regex("hdfs://.*")


	// Capabilities can be requested by a flow_rule. If not requested, nothing will happen
	capabilities
		deletion: delete_after_days(X)

	// Properties describe the service's behavior. This one blinds fields "surname" and "name".
	properties
		anonymizes : "anonymize('surname', 'name')"
}

flow_rule {
	id deleteAfterOneMonth				// Route id
	when { endpoint regex("hdfs") } 			// Target
	receives private					// Condition
	require delete_after_days(X), X<30	// Obligation
		otherwise drop
}

flow_rule {
	id anotherRule						// Route id
	when hiveMqttBroker					// Target
	receives private					// Condition
	decide drop
}

It is translated by the code generator into the following Prolog code (aka "Prolog theory"):

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%   Prolog representation of a data flow policy
%   
%   Source: test2
% 	
%	Do not edit this file, it has been generated automatically
% 	by XText/Xtend.
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%
% Only required for SWI-Prolog
% Allow the following predicates to be scattered around the prolog file.
% Otherwise Prolog will issue a warning if they are not stated in subsequent lines.		
%:- discontiguous service/1.
%:- discontiguous rule/1.
%:- discontiguous has_capability/2.
%:- discontiguous has_property/3.
%:- discontiguous has_target/2.
%:- discontiguous requires_prerequisites/2.
%:- discontiguous has_alternativedecision/2.
%:- discontiguous has_obligation/2.
%:- discontiguous receives_label/2.		
%%%%%%%% Rules %%%%%%%%%%%%
rule(deleteAfterOneMonth).
has_target(deleteAfterOneMonth, service78096644.
service(service78096644).
has_endpoint(service78096644, regex("hdfs")).
receives_label(deleteAfterOneMonth,private).
has_obligation(deleteAfterOneMonth, obl1709554620).
requires_prerequisite(obl1709554620, (delete_after_days(X),X<30)).
has_alternativedecision(obl1709554620, drop).
rule(anotherRule).
has_target(anotherRule, hiveMqttBroker).
receives_label(anotherRule,private).
has_decision(anotherRule, drop).

%%%%% Services %%%%%%%%%%%%
service(anonymizer).
has_endpoint(anonymizer, regex(".*anonymizer.*")).
has_property(anonymizer,myProp,anonymize('surname', 'name')).
service(hiveMqttBroker).
has_endpoint(hiveMqttBroker, regex("^paho:.*?tcp://broker.hivemq.com:1883.*")).
has_property(hiveMqttBroker,type,public).
service(testQueue).
has_endpoint(testQueue, regex("^amqp:.*?:test")).
service(hadoopClusters).
has_endpoint(hadoopClusters, regex("hdfs://.*")).
has_capability(hadoopClusters,deletion).
has_property(hadoopClusters,anonymizes,anonymize('surname', 'name')).