Break-Glass, 2014
Handling Exceptional Situations in Access Control

Helmut Petritsch describes the first holistic approach to Break-Glass which covers the whole life-cycle: from access control modeling (pre-access), to logging the security-relevant system state during Break-Glass accesses (at-access), and the automated analysis of Break-Glass accesses (post-access). Break-Glass allows users to override security restrictions in exceptional situations. While several Break-Glass models specific to given access control models have already been discussed in research (e.g., extending RBAC with Break-Glass), the author introduces a generic Break-Glass model. The presented model is generic both in the sense that it allows to model existing Break-Glass approaches and that it is independent of the underlying access control model.

​Introduction.- Background.- A Generic Break-Glass Model.- Policy Definition: Pre-Access.- User Information: At-Access.- Analysis: Post-Access.- Implementation.- Related Work.- Evaluation.- Discussion and Conclusion.

Helmut Petritsch is currently working as developer of enterprise software at a German multinational company.