Access control models describe frameworks that dictate how subjects (e.g. users) access resources. In the Role-Based Access Control (RBAC) model, access to resources is based on the role the user holds within the organization. RBAC is a rigid model in which access control decisions have only two output options: Grant or Deny. Break The Glass (BTG) policies, on the other hand, are flexible and allow users to break or override the access controls in a controlled and justifiable manner. The main objective of this paper is to integrate BTG within the NIST/ANSI RBAC model in a transparent and secure way so that it can be adopted generically in any domain where unanticipated or emergency situations may occur. The proposed model, called BTG-RBAC, provides a third decision option, BTG, which grants authorized users permission to break the glass rather than be denied access. This can easily be implemented in any application without major changes to either the application code or the RBAC authorization infrastructure, apart from the decision engine. Finally, in order to validate the model, we discuss how the BTG-RBAC model is being introduced within a Portuguese healthcare institution where the legislation requires that genetic information must be accessed by a restricted group of healthcare professionals. These professionals, advised by the ethical committee, have requested the implementation of the BTG concept in order to comply with the said legislation.
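The three-outcome decision described in the abstract, as an added sketch that is not code from the paper. The role names, the per-role break-glass permission table, the persistent "broken" state and the audit record format are assumptions made for illustration.

```python
from enum import Enum

class Decision(Enum):
    GRANT = "Grant"
    DENY = "Deny"
    BTG = "BTG"   # third outcome: the user may override, but has not yet done so

class BtgRbacEngine:
    """Constructed decision engine with a BTG outcome (hypothetical design)."""

    def __init__(self, user_roles, role_perms, role_btg_perms):
        self.user_roles = user_roles          # user -> set of roles
        self.role_perms = role_perms          # role -> {(operation, object)} granted outright
        self.role_btg_perms = role_btg_perms  # role -> {(operation, object)} that may be overridden
        self.broken = set()                   # (user, operation, object) where the glass is broken
        self.audit = []                       # trail of every override, for later review

    def _holds(self, user, perm, table):
        return any(perm in table.get(r, set()) for r in self.user_roles.get(user, set()))

    def decide(self, user, operation, obj):
        perm = (operation, obj)
        if self._holds(user, perm, self.role_perms):
            return Decision.GRANT
        if self._holds(user, perm, self.role_btg_perms):
            # Override is permitted: GRANT only after the glass has been broken.
            return Decision.GRANT if (user, *perm) in self.broken else Decision.BTG
        return Decision.DENY

    def break_glass(self, user, operation, obj, justification):
        if self.decide(user, operation, obj) is not Decision.BTG:
            raise PermissionError("request is not in the BTG state")
        if not justification.strip():
            raise ValueError("a justification is required to break the glass")
        self.broken.add((user, operation, obj))
        self.audit.append({"user": user, "op": operation, "obj": obj, "why": justification})

def demo():
    # Constructed sample policy: only geneticists read genetic records outright.
    engine = BtgRbacEngine(
        user_roles={"alice": {"geneticist"}, "bob": {"physician"}, "carol": {"clerk"}},
        role_perms={"geneticist": {("read", "genetic_record")}},
        role_btg_perms={"physician": {("read", "genetic_record")}},
    )
    req = ("read", "genetic_record")
    before = [engine.decide(u, *req) for u in ("alice", "bob", "carol")]
    engine.break_glass("bob", *req, justification="emergency admission (constructed case)")
    return before, engine.decide("bob", *req), engine.audit
```

Only `decide` and `break_glass` differ from a two-outcome RBAC check, which matches the abstract's point that the change is confined to the decision engine.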