In the previous chapter 3 we presented a generic Break-Glass model, which uses the Access Control Function (ACF) as abstraction of underlying Access Control (AC) models. We will now introduce the differentiation between policy permissions and policy state, representing a more concrete abstraction of AC models. Based on this, we will show how our Break-Glass model can be used to define Break-Glass policies for the running example. But first of all, we will present an authorization infrastructure which allows to implement the (regular) privileges needed in the running example.
KeywordsPolicy State Policy Language Security State Administrative Control Policy Decision Point
Unable to display preview. Download preview PDF.