Security policies often need to resolve the conflict between
protecting assets (or complying with laws and regulations) and the risk of
hindering businesses or people. For example, health records are sensitive
and need to be protected carefully. At the same time, hindering doctors to
access, in an emergency, them might endanger lives.
Generic Break Glass
To resolve this conflict, we introduced a dynamic access control model, called
Generic Break Glass (GBG) that can be used to introduce break-the-glass
(also called access-control override) into a wide variety of traditional
access control models. This access control model independence (i.e., it is not
specific to RBAC, DAC, etc.) is a unique feature of GBG. For example, we
implemented GBG on top of:
- XACML, i.e., a fine-grained attribute-based access control model;
- SecureUML, i.e., a role-based access control model (with access control
constraints) that allows to model access control policies in the context of
UML class models and state charts;
- SecureBPMN, i.e., a role-based access control
model (with access control constraints) that allows to model access control
policies in the context of business processes (i.e., models expressed in
BPMN).
The latter two approaches integrate break-the-glass concepts into model-driven
security.
Implementation
Our Generic Break Glass implementation is available, as free software, in our
GBG git repository. The
implementation of GBG in the context of SecureBPMN is, as free software,
available in the SecureBPMN git
repository.
Important Publications
[1]
A. D. Brucker and H. Petritsch,
“Extending access control models with break-glass,” in
ACM symposium on access control models and technologies (SACMAT), B. Carminati and J. Joshi, Eds. New York, NY, USA: ACM Press, 2009, pp. 197–206. doi:
10.1145/1542207.1542239.
[2]
A. D. Brucker, H. Petritsch, and A. Schaad,
“Delegation assistance,” in
IEEE international symposium on policies for distributed systems and networks (POLICY), Jul. 2009, pp. 84–91. doi:
10.1109/POLICY.2009.35.
[3]
A. D. Brucker and H. Petritsch,
“Idea: Efficient evaluation of access control constraints,” in
International symposium on engineering secure software and systems (ESSoS), F. Massacci, D. Wallach, and N. Zannone, Eds. Heidelberg: Springer-Verlag, 2010, pp. 157–165. doi:
10.1007/978-3-642-11747-3_12.
[4]
A. D. Brucker, H. Petritsch, and S. G. Weber,
“Attribute-based encryption with break-glass,” in
Workshop in information security theory and practice (WISTP), P. Samarati, M. Tunstall, and J. Posegga, Eds. Heidelberg: Springer-Verlag, 2010, pp. 237–244. doi:
10.1007/978-3-642-12368-9_18.
[5]
A. D. Brucker and H. Petritsch,
“A framework for managing and analyzing changes of security policies,” in
IEEE international symposium on policies for distributed systems and networks (POLICY), Jun. 2011, pp. 105–112. doi:
10.1109/POLICY.2011.47.