Break-Glass (PDF)

Helmut Petritsch describes the first holistic approach to Break-Glass which covers the whole life-cycle: from access control modeling (pre-access), to logging the security-relevant system state during Break-Glass accesses (at-access), and the automated analysis of Break-Glass accesses (post-access).

Break-Glass allows users to override security restrictions in exceptional situations. While several Break-Glass models specific to given access control models have already been discussed in research (e.g., extending RBAC with Break-Glass), the author introduces a generic Break-Glass model. The presented model is generic both in the sense that it allows to model existing Break-Glass approaches and that it is independent of the underlying access control model.

Contents

• Generic Break-Glass model and Break-Glass lifecycle
• Policy definition: pre-access
• User information, recording the system state: at-access
• Analysis: post-access

 Target Groups

• Researchers and students in the field of computer science and access control, as well as scholars applying the concept of emergency access, e.g., in medical care
•  Application developers with demanding requirements regarding the access control system, e.g., using XACML; application architects for systems implementing emergency access

About the Author

Helmut Petritsch is currently working as developer of enterprise software at a German multinational company.