Towards a mechanism for discretionary overriding of access control

Authors:
Erik Rissanen;Babak Sadighi Firozabadi;Marek Sergot
Affiliations:
Swedish Institute of Computer Science;Swedish Institute of Computer Science;Department of Computing, Imperial College of Science, Technology and Medicine, University of London
Venue:
SP'04 Proceedings of the 12th international conference on Security Protocols
Year:
2004

Citing 9
Cited 6

Optimistic security: a new access control paradigm

Proceedings of the 1999 workshop on New security paradigms
Managing access control policies using access control spaces

SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
A new dimension in access control: studying maintenance engineering across organizational boundaries

CSCW '02 Proceedings of the 2002 ACM conference on Computer supported cooperative work
Power and Permission in Security Systems

Proceedings of the 7th International Workshop on Security Protocols
Using Authority Certificates to Create Management Structures

Revised Papers from the 9th International Workshop on Security Protocols
A Logic-based Knowledge Representation for Authorization with Delegation

CSFW '99 Proceedings of the 12th IEEE workshop on Computer Security Foundations
Constrained Delegation

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Enforcing well-formed and partially-formed transactions for Unix

SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
Decentralized trust management

SP'96 Proceedings of the 1996 IEEE conference on Security and privacy

Computer-supported access control

ACM Transactions on Computer-Human Interaction (TOCHI)
A calculus for the qualitative risk assessment of policy override authorization

Proceedings of the 3rd international conference on Security of information and networks
Protecting privacy during peer-to-peer exchange of medical documents

Information Systems Frontiers
Provenance as a security control

TaPP'12 Proceedings of the 4th USENIX conference on Theory and Practice of Provenance
An adaptive access control model with privileges overriding and behaviour monitoring in wireless sensor networks

Proceedings of the 8h ACM symposium on QoS and security for wireless and mobile networks
Generic support for RBAC break-glass policies in process-aware information systems

Proceedings of the 28th Annual ACM Symposium on Applied Computing

Quantified Score

Hi-index	0.00

Visualization

Abstract

Because it is difficult to predict access needs in advance and the limitations of formal policy languages it is difficult to completely define an access control policy ahead of the actual use. We suggest the use of an policy language which allows for override of denied access in some cases for increased flexibility. The overrides should be audited and we suggest that the access control policy can be used for finding the people who should perform the audit.