arbac_verifier 1.0.2 → 1.0.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1e6677babd9700f22f8a74f28c699d7c94d833aecce94a077ff497a4f8f93cbf
-  data.tar.gz: bfbdf60e6169c04006cc21fbde36a740d940ca904e08560759823cd76c9cf30d
+  metadata.gz: 8d2452f09757b60bfc77afd2442fe5839b803097b61d05a442fe597dc1193e97
+  data.tar.gz: 2ea5b84270a4013b8f2f92da60960fc42423265d5f1dc7244fd14e547c3551bc
 SHA512:
-  metadata.gz: 5c6bc1f6256a7c0e17f804153c0d657f706c0a9e531df983e54792473c510636641a1dfe8e295cb44d3500f9ddca45900bd32b90ed9cbf38781dd3444993646d
-  data.tar.gz: 1f8365ff6a3b127cfa620ffe37831f5a04b1b3d98646d93b3458a0dd6d73ebb381d7a229db8fc263d9bf1b3ce43304aa1d462abc12fa34ac9075e05e7d9764f6
+  metadata.gz: 555c5df13ffe056fee4bc6a9f1df7be64fd6489b863b838a5f2a81e558358e538b0b9c27ccba5c0fc3f4b7034323e9b0b9fb13308b426ecbff5ac116b8a3ad87
+  data.tar.gz: 8ff9f08b8ab1d8c03956b8ff1a44b79fcf5daf072134d2ebbee18cc19beba8c58512c0d641107f82eeabdaf39cb6a5f7785bac1dc148495328e14fe7de437a05

data/README.md

@@ -0,0 +1,101 @@
+![logo.png](logo.png)
+
+[![codecov](https://codecov.io/github/stefanosello/arbac_verifier/branch/main/graph/badge.svg?token=VXWHKJUJR2)](https://codecov.io/github/stefanosello/arbac_verifier)
+[![Ruby Gem](https://github.com/stefanosello/arbac_verifier/actions/workflows/gem-push.yml/badge.svg?branch=main)](https://github.com/stefanosello/arbac_verifier/actions/workflows/gem-push.yml)
+[![Gem Version](https://badge.fury.io/rb/arbac_verifier.svg)](https://badge.fury.io/rb/arbac_verifier)
+[![Open Source? Yes!](https://badgen.net/badge/Open%20Source%20%3F/Yes%21/blue?icon=github)](https://github.com/Naereen/badges/)
+
+
+**ARBAC Verifier** is a Ruby gem designed to facilitate the modeling and verification of Administrative Role-Based Access Control (ARBAC) policies. With this tool, you can efficiently model ARBAC policies and perform verification tasks to determine if a specific role (`Goal`) can be achieved starting from a given set of states (user-to-role assignments).
+
+This gem is grounded in comprehensive theoretical foundations, which you can explore in detail through the [official security course slides](https://secgroup.dais.unive.it/wp-content/uploads/2020/04/arbac.pdf) provided by [Ca' Foscari University](https://www.unive.it/pag/13526) of Venice. 
+
+## Installation
+The `arbac_verifier` gem can be installed from [rubygems.org](https://rubygems.org/gems/arbac_verifier) from command line: 
+```{bash}
+gem install arbac_verifier
+```
+or by adding the following line to your `Gemfile` project:
+```{ruby}
+gem 'arbac_verifier', '~> 1.0', '>= 1.0.1'
+```
+
+## ARBAC definition file
+An ARBAC (Attribute-Based Role-Based Access Control) policy definition comprises four key components:
+- **Users**: A set of individuals who are part of the system under analysis.
+- **Roles**: A set of roles that can be assigned to or removed from users.
+- **Can-Assign Rules**: These rules specify which roles can be assigned to users. Each rule includes:
+  - The role that has the authority to make the assignment.
+  - The role to be assigned.
+  - Positive preconditions: Specific roles that the user must already possess to be eligible for the new role.
+  - Negative preconditions: Specific roles that the user must not possess to be eligible for the new role.
+- **Can-Revoke Rules**: These rules specify which roles can be revoked from users. Each rule includes:
+  - The role that has the authority to revoke.
+  - The role to be revoked. 
+
+This structure ensures that role assignments and revocations are controlled and based on the current state of the user's roles.
+In order to represent a policy based on this definition, we can use `arbac` files, which should follow this format:
+```
+Roles Teacher Student TA ;
+Users stefano alice bob ;
+UA <stefano,Teacher> <alice,TA> ;
+CR <Teacher,Student> <Teacher,TA> ;
+CA <Teacher,-Teacher&-TA,Student> <Teacher,-Student,TA> <Teacher,TA&-Student,Teacher> ;
+Goal Student ;
+``` 
+- Each line starts with an *header* that explains which information will be represented
+  - `Roles` and `Users` are straight forward
+  - `UA` are initial User Assignments, i.e. user-role assignments, where each item is a pair of `<user,role>`
+  - `CR` are Can-Revoke rules, where each item is a pair of `<revoker role, revokable role>`
+  - `CA` are Can-Assign rules, where each item is a tern of `<assigner role, <positive1&positive2&-negative1&-negative2>, assignable role>`
+  - `Goal` is not an ARBAC property: it is the target role for which the reachability should be verified
+- Each line ends with a `;`
+- Items of each line are space-separated
+
+## Usage
+Once installed, the gem can be used to manage different tasks related to arbac policies.
+```{Ruby}
+require 'arbac_verifier'
+require 'set
+
+# Create new Arbac instance from .arbac file
+policy0 = ArbacInstance.new(path: 'policy0.arbac')
+
+# Create new Arbac instance passing single attributes
+policy1 = ArbacInstance.new(
+  goal: :Student,
+  roles: [:Teacher, :Student, :TA].to_set,
+  users: ["stefano", "alice", "bob"].to_set,
+  user_to_role: [UserRole.new("stefano", :Teacher), UserRole.new("alice", :TA)].to_set,
+  can_assign_rules: [
+                      CanAssignRule.new(:Teacher, [].to_set, [:Teacher, :TA].to_set, :Student),
+                      CanAssignRule.new(:Teacher, [].to_set, [:Student].to_set, :TA),
+                      CanAssignRule.new(:Teacher, [:TA].to_set, [:Student].to_set, :Teacher)
+                    ].to_set,
+  can_revoke_rules: [CanRevokeRule.new(:Teacher, :Student), CanRevokeRule.new(:Teacher, :TA)].to_set
+)
+```
+
+Once the problem instance has been defined, the gem provides two simplification algorithms that can be used to reduce the size of the reachability problem.
+These algorithms do not modify the original policy and return a new simplified policy.
+```{Ruby}
+require 'arbac_verifier'
+
+# apply backward slicing
+policy0bs =  ArbacUtilsModule::backward_slicing(policy0)
+policy0fs = ArbacUtilsModule::forward_slicing(policy0)
+```
+A Role Reachability Problem solution can be computed using the `ArbacReachabilityVerifier` class.
+```{Ruby}
+require 'arbac_verifier'
+
+# Creare new reachability verifier instance starting from an .arbac file
+verifier0 = ArbacReachabilityVerifier.new(path: 'policy0.arbac')
+
+# or from an already created ArbacInstance
+verifier1 = ArbacReachabilityVerifier.new(instance: policy1)
+
+# and then compute reachability
+verifier0.verify # => true
+```
+**NB:** when a verifier instance is created starting from an `.arbac` file, backward and forward slicing are applied to the parsed policy.

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: arbac_verifier
 version: !ruby/object:Gem::Version
-  version: 1.0.2
+  version: 1.0.5
 platform: ruby
 authors:
 - Stefano Sello
@@ -80,80 +80,15 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3.12'
-description: "    ![logo.png](https://github.com/stefanosello/arbac_verifier/raw/main/logo.png)\n\n
-  \   [![codecov](https://codecov.io/github/stefanosello/arbac_verifier/branch/development/graph/badge.svg?token=VXWHKJUJR2)](https://codecov.io/github/stefanosello/arbac_verifier)\n
-  \   [![Ruby Gem](https://github.com/stefanosello/arbac_verifier/actions/workflows/gem-push.yml/badge.svg?branch=development)](https://github.com/stefanosello/arbac_verifier/actions/workflows/gem-push.yml)\n
-  \   [![Gem Version](https://badge.fury.io/rb/arbac_verifier.svg)](https://badge.fury.io/rb/arbac_verifier)\n
-  \   [![Open Source? Yes!](https://badgen.net/badge/Open%20Source%20%3F/Yes%21/blue?icon=github)](https://github.com/Naereen/badges/)\n
-  \   \n    \n    **ARBAC Verifier** is a Ruby gem designed to facilitate the modeling
-  and verification of Administrative Role-Based Access Control (ARBAC) policies. With
-  this tool, you can efficiently model ARBAC policies and perform verification tasks
-  to determine if a specific role (`Goal`) can be achieved starting from a given set
-  of states (user-to-role assignments).\n    \n    This gem is grounded in comprehensive
-  theoretical foundations, which you can explore in detail through the [official security
-  course slides](https://secgroup.dais.unive.it/wp-content/uploads/2020/04/arbac.pdf)
-  provided by [Ca' Foscari University](https://www.unive.it/pag/13526) of Venice.
-  \n    \n    ## Installation\n    The `arbac_verifier` gem can be installed from
-  [rubygems.org](https://rubygems.org/gems/arbac_verifier) from command line: \n    ```{bash}\n
-  \   gem install arbac_verifier\n    ```\n    or by adding the following line to
-  your `Gemfile` project:\n    ```{ruby}\n    gem 'arbac_verifier', '~> 1.0', '>=
-  1.0.1'\n    ```\n    \n    ## ARBAC definition file\n    An ARBAC (Attribute-Based
-  Role-Based Access Control) policy definition comprises four key components:\n    -
-  **Users**: A set of individuals who are part of the system under analysis.\n    -
-  **Roles**: A set of roles that can be assigned to or removed from users.\n    -
-  **Can-Assign Rules**: These rules specify which roles can be assigned to users.
-  Each rule includes:\n      - The role that has the authority to make the assignment.\n
-  \     - The role to be assigned.\n      - Positive preconditions: Specific roles
-  that the user must already possess to be eligible for the new role.\n      - Negative
-  preconditions: Specific roles that the user must not possess to be eligible for
-  the new role.\n    - **Can-Revoke Rules**: These rules specify which roles can be
-  revoked from users. Each rule includes:\n      - The role that has the authority
-  to revoke.\n      - The role to be revoked. \n    \n    This structure ensures that
-  role assignments and revocations are controlled and based on the current state of
-  the user's roles.\n    In order to represent a policy based on this definition,
-  we can use `arbac` files, which should follow this format:\n    ```\n    Roles Teacher
-  Student TA ;\n    Users stefano alice bob ;\n    UA <stefano,Teacher> <alice,TA>
-  ;\n    CR <Teacher,Student> <Teacher,TA> ;\n    CA <Teacher,-Teacher&-TA,Student>
-  <Teacher,-Student,TA> <Teacher,TA&-Student,Teacher> ;\n    Goal Student ;\n    ```
-  \n    - Each line starts with an *header* that explains which information will be
-  represented\n      - `Roles` and `Users` are straight forward\n      - `UA` are
-  initial User Assignments, i.e. user-role assignments, where each item is a pair
-  of `<user,role>`\n      - `CR` are Can-Revoke rules, where each item is a pair of
-  `<revoker role, revokable role>`\n      - `CA` are Can-Assign rules, where each
-  item is a tern of `<assigner role, <positive1&positive2&-negative1&-negative2>,
-  assignable role>`\n      - `Goal` is not an ARBAC property: it is the target role
-  for which the reachability should be verified\n    - Each line ends with a `;`\n
-  \   - Items of each line are space-separated\n    \n    ## Usage\n    Once installed,
-  the gem can be used to manage different tasks related to arbac policies.\n    ```{Ruby}\n
-  \   require 'arbac_verifier'\n    require 'set\n    \n    # Create new Arbac instance
-  from .arbac file\n    policy0 = ArbacInstance.new(path: 'policy0.arbac')\n    \n
-  \   # Create new Arbac instance passing single attributes\n    policy1 = ArbacInstance.new(\n
-  \     goal: :Student,\n      roles: [:Teacher, :Student, :TA].to_set,\n      users:
-  [\"stefano\", \"alice\", \"bob\"].to_set,\n      user_to_role: [UserRole.new(\"stefano\",
-  :Teacher), UserRole.new(\"alice\", :TA)].to_set,\n      can_assign_rules: [\n                          CanAssignRule.new(:Teacher,
-  [].to_set, [:Teacher, :TA].to_set, :Student),\n                          CanAssignRule.new(:Teacher,
-  [].to_set, [:Student].to_set, :TA),\n                          CanAssignRule.new(:Teacher,
-  [:TA].to_set, [:Student].to_set, :Teacher)\n                        ].to_set,\n
-  \     can_revoke_rules: [CanRevokeRule.new(:Teacher, :Student), CanRevokeRule.new(:Teacher,
-  :TA)].to_set\n    )\n    ```\n    \n    Once the problem instance has been defined,
-  the gem provides two simplification algorithms that can be used to reduce the size
-  of the reachability problem.\n    These algorithms do not modify the original policy
-  and return a new simplified policy.\n    ```{Ruby}\n    require 'arbac_verifier'\n
-  \   \n    # apply backward slicing\n    policy0bs =  ArbacUtilsModule::backward_slicing(policy0)\n
-  \   policy0fs = ArbacUtilsModule::forward_slicing(policy0)\n    ```\n    A Role
-  Reachability Problem solution can be computed using the `ArbacReachabilityVerifier`
-  class.\n    ```{Ruby}\n    require 'arbac_verifier'\n    \n    # Creare new reachability
-  verifier instance starting from an .arbac file\n    verifier0 = ArbacReachabilityVerifier.new(path:
-  'policy0.arbac')\n    \n    # or from an already created ArbacInstance\n    verifier1
-  = ArbacReachabilityVerifier.new(instance: policy1)\n    \n    # and then compute
-  reachability\n    verifier0.verify # => true\n    ```\n    **NB:** when a verifier
-  instance is created starting from an `.arbac` file, backward and forward slicing
-  are applied to the parsed policy.\n"
+description: "    A way to solve simple ARBAC role reachability problems, given an
+  .arbac definition file or a pre-built problem instance."
 email: sellostefano@gmail.com
 executables: []
 extensions: []
-extra_rdoc_files: []
+extra_rdoc_files:
+- README.md
 files:
+- README.md
 - lib/arbac_verifier.rb
 - lib/arbac_verifier/classes/arbac_instance.rb
 - lib/arbac_verifier/classes/arbac_reachability_verifier.rb
@@ -162,7 +97,7 @@ files:
 - lib/arbac_verifier/classes/user_role.rb
 - lib/arbac_verifier/exceptions/computation_timed_out_exception.rb
 - lib/arbac_verifier/modules/arbac_utils_module.rb
-homepage: https://rubygems.org/gems/arbac_verifier
+homepage: https://github.com/stefanosello/arbac_verifier
 licenses:
 - Apache-2.0
 metadata: {}
@@ -174,7 +109,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 3.0.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="