| Summary: | Helmut Petritsch describes the first holistic approach to Break-Glass which covers the whole life-cycle: from access control modeling (pre-access), to logging the security-relevant system state during Break-Glass accesses (at-access), and the automated analysis of Break-Glass accesses (post-access). Break-Glass allows users to override security restrictions in exceptional situations. While several Break-Glass models specific to given access control models have already been discussed in research (e.g., extending RBAC with Break-Glass), the author introduces a generic Break-Glass model. The presented model is generic both in the sense that it allows to model existing Break-Glass approaches and that it is independent of the underlying access control model. Contents Generic Break-Glass model and Break-Glass lifecycle Policy definition: pre-access User information, recording the system state: at-access Analysis: post-access Target Groups Researchers and students in the field of computer science and access control, as well as scholars applying the concept of emergency access, e.g., in medical care Application developers with demanding requirements regarding the access control system, e.g., using XACML; application architects for systems implementing emergency access About the Author Helmut Petritsch is currently working as developer of enterprise software at a German multinational company.
|
|---|
