Role-Based Access Control Models
Computer
Requirements for access control: US Healthcare domain
RBAC '98 Proceedings of the third ACM workshop on Role-based access control
Optimistic security: a new access control paradigm
Proceedings of the 1999 workshop on New security paradigms
A model of accountability, confidentiality and override for healthcare and other applications
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
Proposed NIST standard for role-based access control
ACM Transactions on Information and System Security (TISSEC)
Managing access control policies using access control spaces
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
A context-related authorization and access control method based on RBAC:
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
A role-based delegation framework for healthcare information systems
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
ACM SIGAda Ada Letters
The Theory and Practice of Concurrency
The Theory and Practice of Concurrency
A new dimension in access control: studying maintenance engineering across organizational boundaries
CSCW '02 Proceedings of the 2002 ACM conference on Computer supported cooperative work
Framework for role-based delegation models
ACSAC '00 Proceedings of the 16th Annual Computer Security Applications Conference
Using trust and risk in role-based access control policies
Proceedings of the ninth ACM symposium on Access control models and technologies
A Generalized Temporal Role-Based Access Control Model
IEEE Transactions on Knowledge and Data Engineering
Model driven security: From UML models to access control infrastructures
ACM Transactions on Software Engineering and Methodology (TOSEM)
How to Break Access Control in a Controlled Manner
CBMS '06 Proceedings of the 19th IEEE Symposium on Computer-Based Medical Systems
Enforcing well-formed and partially-formed transactions for Unix
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
Overriding of Access Control in XACML
POLICY '07 Proceedings of the Eighth IEEE International Workshop on Policies for Distributed Systems and Networks
A posteriori compliance control
Proceedings of the 12th ACM symposium on Access control models and technologies
Automated analysis of security-design models
Information and Software Technology
A model transformation semantics and analysis methodology for SecureUML
MoDELS'06 Proceedings of the 9th international conference on Model Driven Engineering Languages and Systems
Towards a mechanism for discretionary overriding of access control (transcript of discussion)
SP'04 Proceedings of the 12th international conference on Security Protocols
POLICY'09 Proceedings of the 10th IEEE international conference on Policies for distributed systems and networks
Rumpole: a flexible break-glass access control model
Proceedings of the 16th ACM symposium on Access control models and technologies
An auto-delegation mechanism for access control systems
STM'10 Proceedings of the 6th international conference on Security and trust management
Considering privacy and effectiveness of authorization policies for shared electronic health records
Proceedings of the 2nd ACM SIGHIT International Health Informatics Symposium
Attribute-Based encryption with break-glass
WISTP'10 Proceedings of the 4th IFIP WG 11.2 international conference on Information Security Theory and Practices: security and Privacy of Pervasive Systems and Smart Devices
Risk-Aware role-based access control
STM'11 Proceedings of the 7th international conference on Security and Trust Management
A quantitative approach for inexact enforcement of security policies
ISC'12 Proceedings of the 15th international conference on Information Security
Ensuring continuous compliance through reconciling policy with usage
Proceedings of the 18th ACM symposium on Access control models and technologies
Generic support for RBAC break-glass policies in process-aware information systems
Proceedings of the 28th Annual ACM Symposium on Applied Computing
Business Driven User Role Assignment: Nimble Adaptation of RBAC to Organizational Changes
International Journal of Information Security and Privacy
Proceedings of the 2013 ACM international conference on Interactive tabletops and surfaces
Future Generation Computer Systems
| Hi-index | 0.00 |
Access control models are usually static, i.e, permissions are granted based on a policy that only changes seldom. Especially for scenarios in health care and disaster management, a more flexible support of access control, i.e., the underlying policy, is needed. Break-glass is one approach for such a flexible support of policies which helps to prevent system stagnation that could harm lives or otherwise result in losses. Today, break-glass techniques are usually added on top of standard access control solutions in an ad-hoc manner and, therefore, lack an integration into the underlying access control paradigm and the systems' access control enforcement architecture. We present an approach for integrating, in a fine-grained manner, break-glass strategies into standard access control models and their accompanying enforcement architecture. This integration provides means for specifying break-glass policies precisely and supporting model-driven development techniques based on such policies.