
By Achim D. Brucker and Helmut Petritsch.
Access control models are usually static, i.e., permissions are granted based on a policy that changes only rarely. Scenarios in health care and disaster management in particular need more flexible support of access control, i.e., of the underlying policy.
Break-glass is one approach to such flexible policy support; it helps to prevent system stagnation that could harm lives or otherwise result in losses. Today, break-glass techniques are usually added on top of standard access control solutions in an ad-hoc manner and therefore lack integration into the underlying access control paradigm and the systems’ access control enforcement architecture.
We present an approach for integrating, in a fine-grained manner, break-glass strategies into standard access control models and their accompanying enforcement architecture. This integration provides means for specifying break-glass policies precisely and supporting model-driven development techniques based on such policies.
Further Reading: This presentation is based on the following publication: A. D. Brucker and H. Petritsch, “Extending access control models with break-glass,” in ACM symposium on access control models and technologies (SACMAT), B. Carminati and J. Joshi, Eds. New York, NY, USA: ACM Press, 2009, pp. 197–206. doi: 10.1145/1542207.1542239. Author copy: https://logicalhacking.com/publications/brucker.ea-extending-2009/
Please cite this work as follows: A. D. Brucker and H. Petritsch, “Extending access control models with break-glass,” presented at the ACM symposium on access control models and technologies (SACMAT), Stresa, Italy, Jun. 05, 2009. Author copy: https://logicalhacking.com/publications/talk-brucker.ea-extending-2009/
@Unpublished{ talk:brucker.ea:extending:2009,
date = {2009-06-05},
title = {Extending Access Control Models with Break-glass},
month = {jun},
language = {USenglish},
venue = {Stresa, Italy},
author = {Achim D. Brucker and Helmut Petritsch},
eventtitle = {ACM symposium on access control models and technologies
(SACMAT)},
slideshare = {26226973},
slideshare_width = {427},
slideshare_height = {356},
abstract = {Access control models are usually static, i.e., permissions
are granted based on a policy that only changes seldom.
Especially for scenarios in health care and disaster
management, a more flexible support of access control, i.e.,
the underlying policy, is needed.
Break-glass is one approach for such a flexible support of
policies which helps to prevent system stagnation that could
harm lives or otherwise result in losses. Today, break-glass
techniques are usually added on top of standard access control
solutions in an ad-hoc manner and, therefore, lack an
integration into the underlying access control paradigm and
the systems' access control enforcement architecture.
We present an approach for integrating, in a fine-grained
manner, break-glass strategies into standard access control
models and their accompanying enforcement architecture. This
integration provides means for specifying break-glass policies
precisely and supporting model-driven development techniques
based on such policies.},
note = {Author copy: \url{https://logicalhacking.com/publications/talk-brucker.ea-extending-2009/}},
pdf = {https://logicalhacking.com/publications/talk-brucker.ea-extending-2009/talk-brucker.ea-extending-2009.pdf},
}