A Review of Delegation and Break-Glass Models for Flexible Access Control Management

  • Sigrid Schefer-Wenzl
  • Helena Bukvova
  • Mark Strembeck
Conference paper
Part of the Lecture Notes in Business Information Processing book series (LNBIP, volume 183)


Access control models provide important means for the systematic specification and management of the permissions in a business information system. While there are may well-known access control models (e.g., RBAC), standard access control models are often not suited for handling exceptional situations. The demand to increase the flexibility of access management has been approached mainly via the development of delegation models and break-glass models. This paper presents the results of a literature review of 329 delegation and break-glass approaches. We give an overview on the existing body of scientific literature in these two areas and compare 35 selected approaches in detail. We reveal different ways of providing delegation and break-glass concepts in general as well as in the context of business process management. Moreover, we identify different sub-topics that have not yet been addressed in detail and thus provide opportunities for future research.


Access control Beak-glass Business processes Delegation 


  1. 1.
    Alqatawna, J., Rissanen, E., Sadighi, B.: Overriding of access control in XACML. In: Proceedings of the 8th IEEE International Workshop on Policies for Distributed Systems and Networks (2007)Google Scholar
  2. 2.
    Ardagna, C.A., di Vimercati, S.D.C., Foresti, S., Grandison, T.W., Jajodia, S., Samarati, P.: Access control for smarter healthcare using policy spaces. Comput. Secur. 29(8), 848–858 (2010)CrossRefGoogle Scholar
  3. 3.
    Atluri, V., Warner, J.: Supporting conditional delegation in secure workflow management systems. In: Proceedings of the 10th ACM Symposium on Access Control Models and Technologies (SACMAT) (2005)Google Scholar
  4. 4.
    Barka, E., Sandhu, R.: A role-based delegation model and some extensions. In: Proceedings of the 23rd National Information Systems Security Conference (2000)Google Scholar
  5. 5.
    Barka, E., Sandhu, R.: Framework for role-based delegation models. In: Proceedings of the 16th Annual Computer Security Applications Conference (2000)Google Scholar
  6. 6.
    Brucker, A.D., Petritsch, H.: Extending access control models with break-glass. In: Proceedings of the 14th ACM Symposium on Access Control Models and Technologies (SACMAT) (2009)Google Scholar
  7. 7.
    Carminati, B., Ferrari, E., Guglielmi, M.: Secure information sharing on support of emergency management. In: Proceedings of the International Conference on Privacy, Security, Risk and Trust (2011)Google Scholar
  8. 8.
    Carminati, B., Ferrari, E., Guglielmi, M.: SHARE: Secure information sHaring frAmework for emeRgency managemEnt. In: Proceedings of the 29th International Conference on Data Engineering (ICDE) (2013)Google Scholar
  9. 9.
    Clark, D.D., Wilson, D.R.: A comparison of commercial and military security policies. In: IEEE Symposium on Security and Privacy (1987)Google Scholar
  10. 10.
    Cole, J., Derrick, J., Milosevic, Z., Raymond, K.: Author obliged to submit paper before 4 July: policies in an enterprise specification. In: Sloman, M., Lobo, J., Lupu, E.C. (eds.) POLICY 2001. LNCS, vol. 1995, pp. 1–17. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  11. 11.
    Crampton, J., Khambhammettu, H.: Delegation and satisfiability in workflow systems. In: Proceedings of the 13th ACM Symposium on Access Control Models and Technologies (SACMAT) (2008)Google Scholar
  12. 12.
    Crampton, J., Khambhammettu, H.: On delegation and workflow execution models. In: Proceedings of the 2008 ACM Symposium on Applied Computing (SAC) (2008)Google Scholar
  13. 13.
    Crampton, J., Morisset, C.: An auto-delegation mechanism for access control systems. In: Cuellar, J., Lopez, J., Barthe, G., Pretschner, A. (eds.) STM 2010. LNCS, vol. 6710, pp. 1–16. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  14. 14.
    Ferreira, A., Chadwick, D., Farinha, P., Correia, R., Zao, G., Chilro, R., Antunes, L.: How to securely break into RBAC: the BTG-RBAC model. In: Proceeings of the 2009 Annual Computer Security Applications Conference (2009)Google Scholar
  15. 15.
    Ferreira, A., Cruz-Correia, R., Antunes, L., Farinha, P., Oliveira-Palhares, E., Chadwick, D.W., Costa-Pereira, A.: How to break access control in a controlled manner. In: Proceedings of the 19th IEEE Symposium on Computer-Based Medical Systems (2006)Google Scholar
  16. 16.
    Gaaloul, K., Charoy, F.: Task delegation based access control models for workflow systems. In: Canals, G., Godart, C., Gronau, N., Sharma, S. (eds.) I3E 2009. IFIP AICT, vol. 305, pp. 400–414. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  17. 17.
    Gaaloul, K., Proper, E., Charoy, F.: An extended RBAC model for task delegation in workflow systems. In: Niedrite, L., Strazdina, R., Wangler, B. (eds.) BIR Workshops 2011. LNBIP, vol. 106, pp. 51–63. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  18. 18.
    Gaaloul, K., Zahoor, E., Charoy, F., Godart, C.: Dynamic authorisation policies for event-based task delegation. In: Pernici, B. (ed.) CAiSE 2010. LNCS, vol. 6051, pp. 135–149. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  19. 19.
    Ghorbel-Talbi, M.B., Cuppens, F., Cuppens-Boulahia, N.: Negotiating and delegating obligations. In: Proceedings of the International Conference on Management of Emergent Digital EcoSystems (MEDES) (2010)Google Scholar
  20. 20.
    Ben Ghorbel-Talbi, M., Cuppens, F., Cuppens-Boulahia, N., Le Métayer, D., Piolle, G.: Delegation of obligations and responsibility. In: Camenisch, J., Fischer-Hübner, S., Murayama, Y., Portmann, A., Rieder, C. (eds.) SEC 2011. IFIP AICT, vol. 354, pp. 197–209. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  21. 21.
    Hasebe, K., Mabuchi, M., Matsushita, A.: Capability-based delegation model in RBAC. In: Proceedings of the 15th ACM Symposium on Access Control Models and Technologies (SACMAT) (2010)Google Scholar
  22. 22.
    Jalali, S., Wohlin, C.: Systematic literature studies: database searches vs. backward snowballing. In: Proceedings of the ACM-IEEE International Symposium on Empirical Software Engineering and Measurement, ESEM ’12, pp. 29–38. ACM, New York (2012)Google Scholar
  23. 23.
    Kitchenham, B., Brereton, O.P., Budgen, D., Turner, M., Bailey, J., Linkman, S.: Systematic literature reviews in software engineering - a systematic literature review. Inf. Softw. Technol. 51(1), 7–15 (2009)CrossRefGoogle Scholar
  24. 24.
    Marinovic, S., Craven, R., Ma, J., Dulay, N.: Rumpole: a flexible break-glass access control model. In: Proceedings of the 16th ACM Symposium on Access Control Models and Technologies (2011)Google Scholar
  25. 25.
    Nurcan, S.: A survey on the flexibility requirements related to business processes and modeling artifacts. In: Proceedings of the 41st Annual Hawaii International Conference on System Sciences (2008)Google Scholar
  26. 26.
    Povey, D.: Optimistic security: a new access control paradigm. In: Proceedings of the 1999 Workshop on New Security Paradigms (2000)Google Scholar
  27. 27.
    Ravi Sandhu, H.F., Coyne, E., Youman, C.: Role-based access control models. IEEE Comput. 29(2), 38–47 (1996)CrossRefGoogle Scholar
  28. 28.
    Reichert, M., Dadam, P.: Adept_flexSupporting dynamic changes of workflows without losing control. J. Intell. Inf. Syst. 10(2), 93–129 (1998)CrossRefGoogle Scholar
  29. 29.
    Reichert, M., Rinderle-Ma, S., Dadam, P.: Flexibility in process-aware information systems. In: Jensen, K., van der Aalst, W.M.P. (eds.) ToPNoC II. LNCS, vol. 5460, pp. 115–135. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  30. 30.
    Rissanen, E.: Towards a mechanism for discretionary overriding of access control (transcript of discussion). In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds.) Security Protocols 2004. LNCS, vol. 3957, pp. 320–323. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  31. 31.
    Rissanen, E., Firozabadi, B.S., Sergot, M.: Discretionary overriding of access control in the privilege calculus. In: Dimitrakos, T., Martinelli, F. (eds.) FAST 2005. IFIP, vol. 173, pp. 219–232. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  32. 32.
    Schaad, A., Moffett, J.D.: Delegation of obligations. In: Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (2002)Google Scholar
  33. 33.
    Schefer, S., Strembeck, M.: Modeling support for delegating roles, tasks, and duties in a process-related RBAC context. In: Salinesi, C., Pastor, O. (eds.) CAiSE Workshops 2011. LNBIP, vol. 83, pp. 660–667. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  34. 34.
    Schefer-Wenzl, S., Strembeck, M.: A UML extension for modeling break-glass policies. In: Proceedings of the 5th International Workshop on Enterprise Modelling and Information Systems Architectures (EMISA) (2012)Google Scholar
  35. 35.
    Schefer-Wenzl, S., Strembeck, M.: Generic support for RBAC break-glass policies in process-aware information systems. In: Proceedings of the 28th ACM Symposium on Applied Computing (SAC) (2013)Google Scholar
  36. 36.
    Schefer-Wenzl, S., Strembeck, M., Baumgrass, A.: An approach for consistent delegation in process-aware information systems. In: Abramowicz, W., Kriksciuniene, D., Sakalauskas, V. (eds.) BIS 2012. LNBIP, vol. 117, pp. 60–71. Springer, Heidelberg (2012)Google Scholar
  37. 37.
    Shang, Q., Wang, X.: Constraints for permission-based delegations. In: Proceedings of the 8th IEEE International Conference on Computer and Information Technology Workshops (2008)Google Scholar
  38. 38.
    Sohr, K., Kuhlmann, M., Gogolla, M., Hu, H., Ahn, G.-J.: Comprehensive two-level analysis of role-based delegation and revocation policies with UML and OCL. Inf. Softw. Technol. 54(12), 1396–1417 (2012)CrossRefGoogle Scholar
  39. 39.
    van der Aalst, W.M.P., Rosemann, M., Dumas, M.: Deadline-based escalation in process-aware information systems. Decis. Support Syst. 43, 492–511 (2007)CrossRefGoogle Scholar
  40. 40.
    Wainer, J., Barthelmess, P., Kumar, A.: W-RBAC - a workflow security model incorporating controlled overriding of constraints. Int. J. Coop. Inf. Syst. (IJCIS) 12(4), 455–485 (2003)CrossRefGoogle Scholar
  41. 41.
    Wainer, J., Kumar, A., Barthelmess, P.: DW-RBAC: a formal security model of delegation and revocation in workflow systems. Inf. Syst. 32(3), 365–384 (2007)CrossRefGoogle Scholar
  42. 42.
    Weber, B., Rinderle, S., Reichert, M.: Change patterns and change support features in process-aware information systems. In: Krogstie, J., Opdahl, A.L., Sindre, G. (eds.) CAiSE 2007. LNCS, vol. 4495, pp. 574–588. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  43. 43.
    Zhang, H., Babar, M.A.: Systematic reviews in software engineering: an empirical investigation. Inf. Softw. Technol. 55(7), 1341–1354 (2013)CrossRefGoogle Scholar
  44. 44.
    Zhang, L., Ahn, G.-J., Chu, B.-T.: A rule-based framework for role-based delegation and revocation. ACM Trans. Inf. Syst. Secur. 6, 404–441 (2003)CrossRefGoogle Scholar
  45. 45.
    Zhang, X., Oh, S., Sandhu, R.: PBDM: a flexible delegation model in RBAC. In: Proceedings of the 8th ACM Symposium on Access Control Models and Technologies (2003)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Sigrid Schefer-Wenzl
    • 1
    • 2
  • Helena Bukvova
    • 2
  • Mark Strembeck
    • 2
  1. 1.Competence Center for IT-SecurityUniversity of Applied Sciences Campus ViennaViennaAustria
  2. 2.Institute for Information Systems, New Media LabWU ViennaViennaAustria

Personalised recommendations