Extending Access Control Models with Break-glass

By Achim D. Brucker and Helmut Petritsch.

Access control models are usually static, i.e., permissions are granted based on a policy that changes only rarely. Scenarios in health care and disaster management, in particular, need more flexible support for access control, i.e., for the underlying policy.

Break-glass is one approach to such flexible policy support; it helps to prevent system stagnation that could harm lives or otherwise result in losses. Today, break-glass techniques are usually added on top of standard access control solutions in an ad-hoc manner and therefore lack integration into the underlying access control paradigm and the systems’ access control enforcement architecture.

We present an approach for integrating, in a fine-grained manner, break-glass strategies into standard access control models and their accompanying enforcement architecture. This integration provides means for specifying break-glass policies precisely and supporting model-driven development techniques based on such policies.

Further Reading:
This presentation is based on the following publication:
A. D. Brucker and H. Petritsch, “Extending access control models with break-glass,” in ACM symposium on access control models and technologies (SACMAT), B. Carminati and J. Joshi, Eds. New York, NY, USA: ACM Press, 2009, pp. 197–206. doi: 10.1145/1542207.1542239. Author copy: http://logicalhacking.com/publications/brucker.ea-extending-2009/

Please cite this work as follows:
A. D. Brucker and H. Petritsch, “Extending access control models with break-glass,” presented at the ACM symposium on access control models and technologies (SACMAT), Stresa, Italy, Jun. 05, 2009. Author copy: http://logicalhacking.com/publications/talk-brucker.ea-extending-2009/

BibTeX
@Unpublished{ talk:brucker.ea:extending:2009,
  date              = {2009-06-05},
  title             = {Extending Access Control Models with Break-glass},
  month             = {jun},
  language          = {USenglish},
  venue             = {Stresa, Italy},
  author            = {Achim D. Brucker and Helmut Petritsch},
  eventtitle        = {ACM symposium on access control models and technologies
                       (SACMAT) },
  slideshare        = {26226973},
  slideshare_width  = {427},
  slideshare_height = {356},
  abstract          = {Access control models are usually static, i.e., permissions
                       are granted based on a policy that only changes seldom.
                       Especially for scenarios in health care and disaster
                       management, a more flexible support of access control, i.e.,
                       the underlying policy, is needed.
                       
                       Break-glass is one approach for such a flexible support of
                       policies which helps to prevent system stagnation that could
                       harm lives or otherwise result in losses. Today, break-glass
                       techniques are usually added on top of standard access control
                       solutions in an ad-hoc manner and, therefore, lack an
                       integration into the underlying access control paradigm and
                       the systems' access control enforcement architecture.
                       
                       We present an approach for integrating, in a fine-grained
                       manner, break-glass strategies into standard access control
                       models and their accompanying enforcement architecture. This
                       integration provides means for specifying break-glass policies
                       precisely and supporting model-driven development techniques
                       based on such policies.},
  note              = {Author copy: \url{http://logicalhacking.com/publications/talk-brucker.ea-extending-2009/}},
}