Helmut Petritsch describes the first holistic approach to Break-Glass which covers the whole life-cycle: from access control modeling (pre-access), to logging the security-relevant system state during Break-Glass accesses (at-access), and the automated analysis of Break-Glass accesses (post-access).
Break-Glass allows users to override security restrictions in exceptional situations. While several Break-Glass models specific to given access control models have already been discussed in research (e.g., extending RBAC with Break-Glass), the author introduces a generic Break-Glass model. The presented model is generic both in the sense that it allows to model existing Break-Glass approaches and that it is independent of the underlying access control model.
- Generic Break-Glass model and Break-Glass lifecycle
- Policy definition: pre-access
- User information, recording the system state: at-access
- Analysis: post-access
- Researchers and students in the field of computer science and access control, as well as scholars applying the concept of emergency access, e.g., in medical care
- Application developers with demanding requirements regarding the access control system, e.g., using XACML; application architects for systems implementing emergency access
About the Author
Helmut Petritsch is currently working as developer of enterprise software at a German multinational company.