Extending Access Control Models with Break-glass

By Achim D. Brucker and Helmut Petritsch.

Access control models are usually static, i.e., permissions are granted based on a policy that only changes seldom. Especially for scenarios in health care and disaster management, a more flexible support of access control, i.e., the underlying policy, is needed.

Break-glass is one approach for such a flexible support of policies which helps to prevent system stagnation that could harm lives or otherwise result in losses. Today, break-glass techniques are usually added on top of standard access control solutions in an ad-hoc manner and, therefore, lack an integration into the underlying access control paradigm and the systems’ access control enforcement architecture.

We present an approach for integrating, in a fine-grained manner, break-glass strategies into standard access control models and their accompanying enforcement architecture. This integration provides means for specifying break-glass policies precisely and supporting model-driven development techniques based on such policies.

Keywords:
Disaster Management, Access Control, Break-Glass, Model-Driven Security

Supplementary material:
Slides  ]

Please cite this work as follows:
A. D. Brucker and H. Petritsch, “Extending access control models with break-glass,” in ACM symposium on access control models and technologies (SACMAT), B. Carminati and J. Joshi, Eds. New York, NY, USA: ACM Press, 2009, pp. 197–206. doi: 10.1145/1542207.1542239. Author copy: http://logicalhacking.com/publications/brucker.ea-extending-2009/

BibTeX
@InCollection{ brucker.ea:extending:2009,
  author       = {Achim D. Brucker and Helmut Petritsch},
  title        = {Extending Access Control Models with Break-glass},
  booktitle    = {ACM symposium on access control models and technologies
                  (SACMAT) },
  year         = {2009},
  isbn         = {978-1-60558-537-6},
  pages        = {197--206},
  publisher    = {ACM Press },
  address      = {New York, NY, USA },
  editor       = {Barbara Carminati and James Joshi},
  location     = {Stresa, Italy},
  doi          = {10.1145/1542207.1542239},
  abstract     = {Access control models are usually static, i.e., permissions
                  are granted based on a policy that only changes seldom.
                  Especially for scenarios in health care and disaster
                  management, a more flexible support of access control, i.e.,
                  the underlying policy, is needed.
                  
                  Break-glass is one approach for such a flexible support of
                  policies which helps to prevent system stagnation that could
                  harm lives or otherwise result in losses. Today, break-glass
                  techniques are usually added on top of standard access control
                  solutions in an ad-hoc manner and, therefore, lack an
                  integration into the underlying access control paradigm and
                  the systems' access control enforcement architecture.
                  
                  We present an approach for integrating, in a fine-grained
                  manner, break-glass strategies into standard access control
                  models and their accompanying enforcement architecture. This
                  integration provides means for specifying break-glass policies
                  precisely and supporting model-driven development techniques
                  based on such policies.},
  copyright    = {ACM},
  copyrighturl = {https://dl.acm.org/authorize?175073},
  areas        = {security, software},
  keywords     = {Disaster Management, Access Control, Break-Glass,
                  Model-Driven Security},
  note         = {Author copy: \url{http://logicalhacking.com/publications/brucker.ea-extending-2009/}},
}