Bilattices and the semantics of logic programming
Journal of Logic Programming
Optimistic security: a new access control paradigm
Proceedings of the 1999 workshop on New security paradigms
Flexible support for multiple access control policies
ACM Transactions on Database Systems (TODS)
Fixpoint semantics for logic programming a survey
Theoretical Computer Science
What You Always Wanted to Know About Datalog (And Never Dared to Ask)
IEEE Transactions on Knowledge and Data Engineering
A Generalized Temporal Role-Based Access Control Model
IEEE Transactions on Knowledge and Data Engineering
How to Break Access Control in a Controlled Manner
CBMS '06 Proceedings of the 19th IEEE Symposium on Computer-Based Medical Systems
On the modeling and analysis of obligations
Proceedings of the 13th ACM conference on Computer and communications security
Provisions and obligations in policy management and security applications
VLDB '02 Proceedings of the 28th international conference on Very Large Data Bases
A simple and expressive semantic framework for policy composition in access control
Proceedings of the 2007 ACM workshop on Formal methods in security engineering
An obligation model bridging access control policies and privacy policies
Proceedings of the 13th ACM symposium on Access control models and technologies
Access-Control Policies via Belnap Logic: Effective and Efficient Composition and Analysis
CSF '08 Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium
D-algebra for composing access control policy decisions
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
The next 700 access control models or a unifying meta-model?
Proceedings of the 14th ACM symposium on Access control models and technologies
Extending access control models with break-glass
Proceedings of the 14th ACM symposium on Access control models and technologies
How to Securely Break into RBAC: The BTG-RBAC Model
ACSAC '09 Proceedings of the 2009 Annual Computer Security Applications Conference
SecPAL: Design and semantics of a decentralized authorization language
Journal of Computer Security - Digital Identity Management (DIM 2007)
Towards access control model engineering
ICISS'11 Proceedings of the 7th international conference on Information Systems Security
Dynamic enforcement of abstract separation of duty constraints
ACM Transactions on Information and System Security (TISSEC)
Context-awareness: exploring the imperative shared context of security and ubiquitous computing
Proceedings of the 14th International Conference on Information Integration and Web-based Applications & Services
Generic support for RBAC break-glass policies in process-aware information systems
Proceedings of the 28th Annual ACM Symposium on Applied Computing
Business Driven User Role Assignment: Nimble Adaptation of RBAC to Organizational Changes
International Journal of Information Security and Privacy
Enforcement of entailment constraints in distributed service-based business processes
Information and Software Technology
Mining Deviations from Patient Care Pathways via Electronic Medical Record System Audits
ACM Transactions on Management Information Systems (TMIS) - Special Issue on Informatics for Smart Health and Wellbeing
Runtime adaptive multi-factor authentication for mobile devices
IBM Journal of Research and Development
| Hi-index | 0.00 |
Access control operates under the assumption that it is possible to correctly encode and predict all subjects' needs and rights. However, in human-centric pervasive domains, such as health care, it is hard if not impossible to encode all emergencies and exceptions, but also to imagine a priori all the permissible requests. Break-glass is an approach that em- bodies the idea that under certain conditions it is possible for a subject to break-the-glass and explicitly override the denied request. Current break-glass models make this decision without considering and investigating what the reasons for issuing the denial are, and they have a fixed decision procedure to determine whether the override is permitted. Furthermore, they do not explicitly represent and reason over conflicting and missing information about subjects and the context; which in human-centric pervasive domains is a norm rather than an anomaly. This paper presents a novel break-glass model, Rumpole, that structures a break-glass policy by establishing why the access was denied. It uses Belnap's four-valued logic to represent conflicting and missing (unknown) information, allowing the policy to make a more informed decision when faced with missing or inconsistent knowledge. The model also provides a declarative query language that is used to specify an explicit break-glass decision procedure, rather than having an implicitly hard-coded one. This allows a policy writer to further condition and restrict when and how break-glass access is permitted.