ABSTRACT
Access control models are usually static, i.e., permissions are granted based on a policy that changes only seldom. Especially in scenarios such as health care and disaster management, more flexible support for access control, i.e., for the underlying policy, is needed.
Break-glass is one approach to such flexible support of policies, which helps to prevent system stagnation that could harm lives or otherwise result in losses. Today, break-glass techniques are usually added on top of standard access control solutions in an ad-hoc manner and, therefore, lack integration into the underlying access control paradigm and the systems' access control enforcement architecture.
We present an approach for integrating, in a fine-grained manner, break-glass strategies into standard access control models and their accompanying enforcement architecture. This integration provides means for specifying break-glass policies precisely and supporting model-driven development techniques based on such policies.