RBACvisual: A Visualization Tool for Teaching Access Control using Role-based Access Control

This paper presents RBACvisual, a user-level visualization tool designed to facilitate the study and teaching of the role-based access control (RBAC) model, which has been widely used in companies to restrict access to authorized users. RBACvisual provides two graphical abstractions of the underlying specification. Policies can be input and modified graphically or using text-based files. Students can use an embedded Query system to answer commonly asked questions and to test their understanding of a given policy. A Practice subsystem is also provided for instructors to assign quizzes to students; the answers can be sent to the instructor via email. We also present the results of an evaluation of RBACvisual within a senior-level course on information security. The student feedback was positive and indicated that RBACvisual helped students understand the model and enhanced the course.