RFID Guardian Software:Library:Core modules:ACL
ACL
The ACL is the core of the RFID Guardian, an application of the RFID Guardian for RFID privacy protection. It jams response signals to readers from tags that are considered private; but if a reader query wouldn't make any of the protected RFID tags respond, the query is allowed. Equally, readers that can be considered trusted in some sense are allowed access to private tags. The Guardian operation is freely configurable, by assigning readers to roles, and specifying which roles are allowed access to which (sets of) private tags.
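The decision described above can be modelled with bitmask tag sets. This is an added sketch, not the Guardian's own code or its mrg_acl API; the tag names, role names, rule table and the functions `permitted_for` and `must_jam` are all hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model: one bit per tag, so a tag set is a bitmask. */
typedef uint32_t tagset_t;
enum { TAG_PASSPORT = 1u << 0, TAG_BANKCARD = 1u << 1,
       TAG_TRANSIT  = 1u << 2, TAG_LIBRARY  = 1u << 3 };
enum { ROLE_BORDER = 1u << 0, ROLE_METRO = 1u << 1 };

/* Tags considered private (constructed sample policy). */
static const tagset_t PRIVATE_TAGS = TAG_PASSPORT | TAG_BANKCARD | TAG_TRANSIT;

/* A rule grants one role access to one set of private tags. */
struct rule { uint32_t role; tagset_t allowed; };
static const struct rule RULES[] = {
    { ROLE_BORDER, TAG_PASSPORT },
    { ROLE_METRO,  TAG_TRANSIT  },
};

/* Union of the private tags that any of the reader's roles may access. */
static tagset_t permitted_for(uint32_t reader_roles)
{
    tagset_t permitted = 0;
    for (size_t i = 0; i < sizeof RULES / sizeof RULES[0]; i++)
        if (RULES[i].role & reader_roles)
            permitted |= RULES[i].allowed;
    return permitted;
}

/* would_respond: tags that would answer this query if nothing interfered.
 * Returns the private tags that would answer without permission;
 * a nonzero result means the response must be jammed. */
static tagset_t must_jam(uint32_t reader_roles, tagset_t would_respond)
{
    tagset_t exposed = would_respond & PRIVATE_TAGS;
    return exposed & ~permitted_for(reader_roles);
}

int main(void)
{
    tagset_t all = PRIVATE_TAGS | TAG_LIBRARY;
    /* Unknown reader (no roles) addressing only the public tag: allowed. */
    printf("unknown, library only: jam=%d\n", must_jam(0, TAG_LIBRARY) != 0);
    /* Unknown reader running an inventory over every tag: jammed. */
    printf("unknown, inventory:    jam=%d\n", must_jam(0, all) != 0);
    /* Trusted border reader addressing the passport: allowed. */
    printf("border, passport:      jam=%d\n", must_jam(ROLE_BORDER, TAG_PASSPORT) != 0);
    return 0;
}
```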
ACL Language
The ACL language is an LL(1) language for rules, which are expressed in terms of tag sets, reader identity/roles, contexts (a user-defined property to select an ACL set), and queries.
The ACL Language reference describes the ACL language. Should that document be moved inline here?
The ACL library module has an on-board parser to read in the rules. This parser is generated with LLgen, an LL(1) parser generator.
The ACL language currently covers 15693 and 14443-A.
ACL usage
The standard way to indicate an ACL for use is by specification of a directory that contains a file for tags/tag sets, named by convention example.tags, a file for readers/roles, named by convention example.readers, an optional file for contexts, named by convention example.contexts, and a file that contains the rules, named by convention example.acl. If this directory describes a unit test, it comes with a set of queries in file request.acl. Such an ACL directory is selected from the UI, or from a standalone ACL test application.
Besides indication of an ACL directory, the UI allows hand-setting of the current reader and current context, in case these cannot be derived from e.g. reader authentication. Moreover, the UI allows changes to the roles a reader belongs to, or the tag sets a tag belongs to. New readers and tags can be introduced. Currently, there is no mechanism to modify rules. One possibility is by having the UI user edit the example.acl rule file, and reload the ACL afterwards.
ACL internals
The ACL Algorithm document describes the underlying algorithms. For efficiency, the rules are transformed, and some precomputation is performed on the tag sets that occur in the rules.
ACL regression test
The ACL has its own offline regression test suite. The standalone ACL application is in [ test/acl/parse-reader ], and the regression test is in [ test/acl/ex/regression_test ], run from the script software_regression_test.sh. Besides the official regression test, there are many more unit tests in [ test/acl/unit-14443-A ] and [ test/acl/unit-15693 ].
| API | include/acl/mrg_acl.h include/acl/mrg_acl_constants.h include/acl/mrg_acl_types.h include/acl/mrg_acl_rule.h include/acl/mrg_acl_tag_set.h include/acl/mrg_acl_reader.h include/acl/mrg_acl_context.h include/acl/mrg_acl_query.h include/acl/mrg_acl_parse.h |
| Source | [ src/acl/acl/ ], [ src/acl/include/ ], [ src/acl/acl/ ], [ src/acl/rule/ ], [ src/acl/tag_set/ ], [ src/acl/reader/ ], [ src/acl/role/ ], [ src/acl/context/ ], [ src/acl/parse/ ] |


