[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml] Break the Glass policies
On Mon, 14 Dec 2009, Ludwig Seitz wrote: > Hi David, > > you might want to look at this: > http://portal.acm.org/citation.cfm?id=1263871 > > I think it is very similar to what you want to achieve. > > Regards, > > Ludwig By odd coincidence, I encountered a reference to XACML and BTG yesterday in an ACM SACMAT 2009 paper. I provide some references below, though I've not yet spotted an online copy of David's ACSAC 2009 paper "How to Securely Break into RBAC: the BTG-RBAC Model" ================================================================================ "Extending Access Control Models with Break-glass" Achim D. Brucker (achim.brucker@sap.com) SAP Research Helmut Petritsch (helmut.petritsch@sap.com) SAP Research Presented June 5, 2009 at ACM SACMAT Proceedings of the Fourteenth ACM symposium on Access Control Models and Technologies http://www.sacmat.org/2009/index.php http://www.brucker.ch/bibliography/abstract/brucker.ea-extending-2009.en.html http://www.brucker.ch/bibliography/download/2009/brucker.ea-extending-2009.pdf Access control models are usually static, i.e., permissions are granted based on a policy that only changes seldom. Especially for scenarios in health care and disaster management, a more flexible support of access control, i.e., the underlying policy, is needed. Break-glass is one approach for such a flexible support of policies which helps to prevent system stagnation that could harm lives or otherwise result in losses. Today, break-glass techniques are usually added on top of standard access control solutions in an ad-hoc manner and, therefore, lack an integration into the underlying access control paradigm and the systems' access control enforcement architecture. We present an approach for integrating, in a fine-grained manner, break-glass strategies into standard access control models and their accompanying enforcement architecture. This integration provides means for specifying break-glass policies precisely and supporting model-driven development techniques based on such policies. Our contributions are four-fold: first, we present a generic break-glass model. Second, we present a SecureUML extension supporting break-glass. Third, we present a security architecture supporting break-glass and, finally, a transformation from break-glass SecureUML policies to XACML. The rest of the paper is structured as follows: after introducing the preliminaries of our work in Section 2, we present a generic break-glass model which can be integrated into a large class of access control models in Section 3. In the same section, we also present, as an example for such an integration, an extension for SecureUML supporting break-glass. We present a security architecture supporting break-glass in Section 4. This architecture is the target of the transformation of break-glass SecureUML policies to XACML which we present in Section 5. Finally report on related work in Section 6 and present our conclusions in Section 7. ================================================================== How to Securely Break into RBAC: the BTG-RBAC Model Ana Ferreira, David Chadwick, Pedro Farinha, Gansen Zhao, Rui Chilro 2009 Annual Computer Security Applications Conference http://www.acsac.org/2009/ http://www.acsac.org/2009/openconf/modules/request.php?module=oc_program&action=summary.php&id=135 Access control models describe frameworks that dictate how subjects (e.g. users) access resources. In the Role-Based Access Control (RBAC) model access to resources is based on the role the user holds within the organization. Although flexible and easier to manage within large-scale authorization frameworks, RBAC is usually a static model where access control decisions have only two output options: Grant or Deny. Break The Glass (BTG) policies can be provided in order to break or override the access controls within an access control policy but in a controlled and justifiable manner. The main objective of this paper is to integrate BTG within the NIST/ANSI RBAC model in a transparent and secure way so that it can be adopted generically in any domain where unanticipated or emergency situations may occur. The new proposed model, called BTG-RBAC, provides a third decision option BTG. This allows break the glass policies to be implemented in any application without any major changes to either the application or the RBAC authorization infrastructure, apart from the decision engine. Finally, in order to validate the model, we discuss how the BTG-RBAC model is being introduced within a Portuguese healthcare institution where the legislation requires that genetic information must be accessed by a restricted group of healthcare professionals. These professionals, advised by the ethical committee, have required and asked for the implementation of the BTG concept in order to comply with the said legislation. Related: How to break access control in a controlled manner http://kar.kent.ac.uk/14476/1/How_to_break_access_control_in_a_controlled_manner.pdf Modular Authorisation Infrastructures http://www.sti.uniurb.it/events/fosad08/slides/Chadwick_ModAuthz.pdf =========== Robin Cover OASIS, Director of Information Services Editor, Cover Pages and XML Daily Newslink Email: robin@oasis-open.org Staff bio: http://www.oasis-open.org/who/staff.php#cover Cover Pages: http://xml.coverpages.org/ Newsletter: http://xml.coverpages.org/newsletterArchive.html Tel: +1 972-296-1783 On Mon, 14 Dec 2009, Ludwig Seitz wrote: > Hi David, > > you might want to look at this: > http://portal.acm.org/citation.cfm?id=1263871 > > I think it is very similar to what you want to achieve. > > Regards, > > Ludwig > > -- > Ludwig Seitz, PhD | Axiomatics AB > Training & Development | Electrum 223 > Phone: +46 (0)760 44 22 91 | S-164 40 Kista, Sweden > Mail: ludwig@axiomatics.com | >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]