Helmut Petritsch describes the first holistic approach to Break-Glass which covers the whole life-cycle: from access control modeling (pre-access), to logging the security-relevant system state during Break-Glass accesses (at-access), and the automated analysis of Break-Glass accesses (post-access).
Break-Glass allows users to override security restrictions in exceptional situations. While several Break-Glass models specific to given access control models have already been discussed in research (e.g., extending RBAC with Break-Glass), the author introduces a generic Break-Glass model. The presented model is generic both in the sense that it allows to model existing Break-Glass approaches and that it is independent of the underlying access control model.
Contents
Generic Break-Glass model and Break-Glass lifecycle
Policy definition: pre-access
User information, recording the system state: at-access
Analysis: post-access
Target Groups
Researchers and students in the field of computer science and access control, as well as scholars applying the concept of emergency access, e.g., inmedical care
Application developers with demanding requirements regarding the access control system, e.g., using XACML; application architects for systems implementing emergency access
About the Author
Helmut Petritsch is currently working as developer of enterprise software at a German multinational company.
Helmut Petritsch describes the first holistic approach to Break-Glass which covers the whole life-cycle: from access control modeling (pre-access), to logging the security-relevant system state during Break-Glass accesses (at-access), and the automated analysis of Break-Glass accesses (post-access). Break-Glass allows users to override security restrictions in exceptional situations. While several Break-Glass models specific to given access control models have already been discussed in research (e.g., extending RBAC with Break-Glass), the author introduces a generic Break-Glass model. The presented model is generic both in the sense that it allows to model existing Break-Glass approaches and that it is independent of the underlying access control model. Publication in the field of technical science Includes supplementary material: sn.pub/extras