Model-driven specification and enforcement of RBAC break-glass policies for process-aware information systems

Context: In many organizational environments there are critical tasks which, in exceptional cases such as an emergency, must be performed by a subject who is usually not authorized to perform them. Break-glass policies have been introduced as a sophisticated exception handling mechanism to resolve such situations. They enable certain subjects to break or override the standard access control policies of an information system in a controlled manner.

Objective: In the context of business process modeling, a number of approaches exist that allow for the formal specification and modeling of process-related access control concepts. However, corresponding support for break-glass policies is still missing. In this paper, we specify a break-glass extension for process-related role-based access control (RBAC) models.

Method: We use model-driven development (MDD) techniques to provide an integrated, tool-supported approach for the definition and enforcement of break-glass policies in process-aware information systems. In particular, we provide modeling support on the computation independent model (CIM) layer as well as on the platform independent model (PIM) and platform specific model (PSM) layers.

Results: Our approach is generic in the sense that it can be used to extend process-aware information systems or process modeling languages with support for process-related RBAC and corresponding break-glass policies. Based on the formal CIM layer metamodel, we present a UML extension on the PIM layer that allows for the integrated modeling of processes and process-related break-glass policies via extended UML Activity diagrams. We evaluated our approach in a case study on real-world processes. Moreover, we implemented our approach at the PSM layer as an extension to the BusinessActivity library and runtime engine.

Conclusion: Our integrated modeling approach for process-related break-glass policies allows for specifying break-glass rules in process-aware information systems.
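To make the enforcement side of such a policy concrete, the following is an added Python illustration (not the paper's metamodel and not code from the BusinessActivity library) of a minimal process-related RBAC model with a break-glass override: roles are assigned to tasks, subjects to roles, and a separate break-glass rule states which roles may override the standard policy for which tasks. The override is only granted when it is explicitly requested, covered by a break-glass rule, and justified, and every override is written to an audit log. All role, task and subject names are constructed sample data.

```python
"""Toy process-related RBAC with an audited break-glass override (illustration, not the paper's model)."""
from dataclasses import dataclass, field
from enum import Enum


class Decision(Enum):
    PERMIT = "permit"              # granted by the standard RBAC policy
    DENY = "deny"                  # neither standard policy nor break-glass rule applies
    BREAK_GLASS = "break-glass"    # granted only as a justified, audited override


@dataclass
class ProcessRBAC:
    role_tasks: dict                                  # role -> set of tasks the role may perform
    subject_roles: dict                               # subject -> set of assigned roles
    break_glass_rules: dict = field(default_factory=dict)  # role -> set of tasks it may override for
    audit_log: list = field(default_factory=list)     # one record per break-glass override

    def _roles_of(self, subject):
        return self.subject_roles.get(subject, set())

    def standard_permit(self, subject, task):
        """Plain process-related RBAC: some role of the subject is assigned to the task."""
        return any(task in self.role_tasks.get(r, set()) for r in self._roles_of(subject))

    def break_glass_permit(self, subject, task):
        """Break-glass rule exists for one of the subject's roles and this task."""
        return any(task in self.break_glass_rules.get(r, set()) for r in self._roles_of(subject))

    def check(self, subject, task, process_instance, break_glass_requested=False, reason=""):
        """Decide access for one task in one process instance; log any override."""
        if self.standard_permit(subject, task):
            return Decision.PERMIT
        # Override only if explicitly requested, covered by a rule, and justified (obligation).
        if break_glass_requested and reason.strip() and self.break_glass_permit(subject, task):
            self.audit_log.append({"subject": subject, "task": task,
                                   "instance": process_instance, "reason": reason})
            return Decision.BREAK_GLASS
        return Decision.DENY


def build_sample():
    """Constructed sample: a physician may prescribe, a nurse may administer,
    and a nurse may override 'prescribe' in an emergency (hypothetical policy)."""
    return ProcessRBAC(
        role_tasks={"physician": {"prescribe", "administer"}, "nurse": {"administer"}},
        subject_roles={"alice": {"physician"}, "bob": {"nurse"}},
        break_glass_rules={"nurse": {"prescribe"}},
    )
```

Because the override is decided per process instance and logged with its justification, the audit log is what a reviewer later inspects to confirm that each break-glass use was legitimate.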
