Software Assurance & Security Research

Security policies often need to resolve the conflict between protecting assets (or complying with laws and regulations) and the risk of hindering businesses or people. For example, health records are sensitive and need to be protected carefully. At the same time, hindering doctors to access, in an emergency, them might endanger lives.

Generic Break Glass

To resolve this conflict, we introduced a dynamic access control model, called Generic Break Glass (GBG) that can be used to introduce break-the-glass (also called access-control override) into a wide variety of traditional access control models. This access control model independence (i.e., it is not specific to RBAC, DAC, etc.) is a unique feature of GBG. For example, we implemented GBG on top of:

XACML, i.e., a fine-grained attribute-based access control model;
SecureUML, i.e., a role-based access control model (with access control constraints) that allows to model access control policies in the context of UML class models and state charts;
SecureBPMN, i.e., a role-based access control model (with access control constraints) that allows to model access control policies in the context of business processes (i.e., models expressed in BPMN).

The latter two approaches integrate break-the-glass concepts into model-driven security.

Implementation

Our Generic Break Glass implementation is available, as free software, in our GBG git repository. The implementation of GBG in the context of SecureBPMN is, as free software, available in the SecureBPMN git repository.

Important Publications

[1]

A. D. Brucker and H. Petritsch, “Extending access control models with break-glass,” in ACM symposium on access control models and technologies (SACMAT), B. Carminati and J. Joshi, Eds. New York, NY, USA: ACM Press, 2009, pp. 197–206. doi: 10.1145/1542207.1542239.

[2]

A. D. Brucker, H. Petritsch, and A. Schaad, “Delegation assistance,” in IEEE international symposium on policies for distributed systems and networks (POLICY), Jul. 2009, pp. 84–91. doi: 10.1109/POLICY.2009.35.

[3]

A. D. Brucker and H. Petritsch, “Idea: Efficient evaluation of access control constraints,” in International symposium on engineering secure software and systems (ESSoS), F. Massacci, D. Wallach, and N. Zannone, Eds. Heidelberg: Springer-Verlag, 2010, pp. 157–165. doi: 10.1007/978-3-642-11747-3_12.

[4]

A. D. Brucker, H. Petritsch, and S. G. Weber, “Attribute-based encryption with break-glass,” in Workshop in information security theory and practice (WISTP), P. Samarati, M. Tunstall, and J. Posegga, Eds. Heidelberg: Springer-Verlag, 2010, pp. 237–244. doi: 10.1007/978-3-642-12368-9_18.

[5]

A. D. Brucker and H. Petritsch, “A framework for managing and analyzing changes of security policies,” in IEEE international symposium on policies for distributed systems and networks (POLICY), Jun. 2011, pp. 105–112. doi: 10.1109/POLICY.2011.47.