Access control is a last line of defense for protecting computer system resources from a compromised process. This is a primary motivation for the principle of least privilege, which requires that a process be given access to only those resources it needs in order to complete its task. Enforcement of this principle is difficult. A strict access control policy can contain tens of thousands of rules, while errors in the policy can interrupt service and put system resources at risk unnecessarily. This project is developing materials that facilitate education on modern access control models and systems. A policy development system leverages visualization to enhance student learning. The policy development system allows graphical development and analysis of access control policies. It runs at the user-level, so that student work does not impact operation of the underlying system and so that access to a specific operating system is not required. A set of web-based tutorials is being developed that are suitable for study out of the classroom. The project results will increase the number of institutions that offer deep coverage of access control in their curriculum and will facilitate devdrlopment of the relevant expertise by workers who are not able to pursue formal education. Computer system security breaches cost companies billions of dollars per year. By helping to create a workforce trained to use modern access control systems effectively, this project increases the ability of industry to protect electronic data.
