A Review of Delegation and Break-Glass Models for Flexible Access Control Management

Access control models provide important means for the systematic specification and management of the permissions in a business information system. While there are may well-known access control models (e.g., RBAC), standard access control models are often not suited for handling exceptional situations. The demand to increase the flexibility of access management has been approached mainly via the development of delegation models and break-glass models. This paper presents the results of a literature review of 329 delegation and break-glass approaches. We give an overview on the existing body of scientific literature in these two areas and compare 35 selected approaches in detail. We reveal different ways of providing delegation and break-glass concepts in general as well as in the context of business process management. Moreover, we identify different sub-topics that have not yet been addressed in detail and thus provide opportunities for future research.

[1]  Xingang Wang,et al.  Constraints for Permission-Based Delegations , 2008, 2008 IEEE 8th International Conference on Computer and Information Technology Workshops.

[2]  Mark Strembeck,et al.  An Approach for Consistent Delegation in Process-Aware Information Systems , 2012, BIS.

[3]  Pearl Brereton,et al.  Lessons from applying the systematic literature review process within the software engineering domain , 2007, J. Syst. Softw..

[4]  Akira Matsushita,et al.  Capability-based delegation model in RBAC , 2010, SACMAT '10.

[5]  Theo Dimitrakos,et al.  Formal Aspects in Security and Trust, Fourth International Workshop, FAST 2006, Hamilton, Ontario, Canada, August 26-27, 2006, Revised Selected Papers , 2007, Formal Aspects in Security and Trust.

[6]  Nora Cuppens-Boulahia,et al.  Delegation of Obligations and Responsibility , 2011, SEC.

[7]  Manfred Reichert,et al.  Adeptflex—Supporting Dynamic Changes of Workflows Without Losing Control , 1998, Journal of Intelligent Information Systems.

[8]  Mark Strembeck,et al.  A UML Extension for Modeling Break-Glass Policies , 2012, EMISA.

[9]  Yuko Murayama,et al.  Future Challenges in Security and Privacy for Academia and Industry , 2011 .

[10]  Martin Gogolla,et al.  Comprehensive two-level analysis of role-based delegation and revocation policies with UML and OCL , 2012, Inf. Softw. Technol..

[11]  Rafael Accorsi,et al.  Security and Trust Management , 2013, Lecture Notes in Computer Science.

[12]  François Charoy,et al.  Task Delegation Based Access Control Models for Workflow Systems , 2009, I3E.

[13]  Mark Strembeck,et al.  Modeling process-related RBAC models with extended UML activity models , 2011, Inf. Softw. Technol..

[14]  Jason Crampton,et al.  On delegation and workflow execution models , 2008, SAC '08.

[15]  Mark Strembeck,et al.  Modeling Support for Delegating Roles, Tasks, and Duties in a Process-Related RBAC Context , 2011, CAiSE Workshops.

[16]  Norbert Gronau,et al.  Software Services for e-Business and e-Society, 9th IFIP WG 6.1 Conference on e-Business, e-Services and e-Society, I3E 2009, Nancy, France, September 23-25, 2009. Proceedings , 2009, I3E.

[17]  Ravi S. Sandhu,et al.  Framework for role-based delegation models , 2000, Proceedings 16th Annual Computer Security Applications Conference (ACSAC'00).

[18]  Henderik Alex Proper,et al.  An Extended RBAC Model for Task Delegation in Workflow Systems , 2011, BIR Workshops.

[19]  Ravi Sandhu,et al.  A Role-Based Delegation Model and Some Extensions , 2000 .

[20]  John Derrick,et al.  Author Obliged to Submit Paper before 4 July: Policies in an Enterprise Specification , 2001, POLICY.

[21]  Ramaswamy Chandramouli,et al.  Role-Based Access Control, Second Edition , 2007 .

[22]  Barbara Carminati,et al.  SHARE: Secure information sharing framework for emergency management , 2013, 2013 IEEE 29th International Conference on Data Engineering (ICDE).

[23]  Martin Törngren,et al.  Tool Integration Beyond Wasserman , 2011, CAiSE 2011.

[24]  Vijayalakshmi Atluri,et al.  Supporting conditional delegation in secure workflow management systems , 2005, SACMAT '05.

[25]  Marek J. Sergot,et al.  Towards a Mechanism for Discretionary Overriding of Access Control , 2004, Security Protocols Workshop.

[26]  Manfred Reichert,et al.  Flexibility in Process-Aware Information Systems , 2009, Trans. Petri Nets Other Model. Concurr..

[27]  Benkt Wangler,et al.  Workshops on Business Informatics Research , 2011, Lecture Notes in Business Information Processing.

[28]  Akhil Kumar,et al.  DW-RBAC: A formal security model of delegation and revocation in workflow systems , 2007, Inf. Syst..

[29]  Stefanie Rinderle-Ma,et al.  Change Patterns and Change Support Features in Process-Aware Information Systems , 2007, Seminal Contributions to Information Systems Engineering.

[30]  Claes Wohlin,et al.  Systematic literature studies: Database searches vs. backward snowballing , 2012, Proceedings of the 2012 ACM-IEEE International Symposium on Empirical Software Engineering and Measurement.

[31]  Srdjan Marinovic,et al.  Rumpole: a flexible break-glass access control model , 2011, SACMAT '11.

[32]  Dean Povey Optimistic security: a new access control paradigm , 1999, NSPW '99.

[33]  He Wang,et al.  A Survey of Delegation from an RBAC Perspective , 2013, J. Softw..

[34]  Jason Crampton,et al.  An Auto-delegation Mechanism for Access Control Systems , 2010, STM.

[35]  Selmin Nurcan,et al.  A Survey on the Flexibility Requirements Related to Business Processes and Modeling Artifacts , 2008, Proceedings of the 41st Annual Hawaii International Conference on System Sciences (HICSS 2008).

[36]  Ravi S. Sandhu,et al.  Role-Based Access Control Models , 1996, Computer.

[37]  Mark Strembeck,et al.  Generic support for RBAC break-glass policies in process-aware information systems , 2013, SAC '13.

[38]  David W. Chadwick,et al.  How to Break Access Control in a Controlled Manner , 2006, 19th IEEE Symposium on Computer-Based Medical Systems (CBMS'06).

[39]  Wil M. P. van der Aalst,et al.  Transactions on Petri Nets and Other Models of Concurrency II, Special Issue on Concurrency in Process-Aware Information Systems , 2009, Trans. Petri Nets and Other Models of Concurrency.

[40]  Akhil Kumar,et al.  W-RBAC - A Workflow Security Model Incorporating Controlled Overriding of Constraints , 2003, Int. J. Cooperative Inf. Syst..

[41]  David W. Chadwick,et al.  How to Securely Break into RBAC: The BTG-RBAC Model , 2009, 2009 Annual Computer Security Applications Conference.

[42]  Jason Crampton,et al.  Delegation and satisfiability in workflow systems , 2008, SACMAT '08.

[43]  Sushil Jajodia,et al.  Access control for smarter healthcare using policy spaces , 2010, Comput. Secur..

[44]  Wil M. P. van der Aalst,et al.  Deadline-based escalation in process-aware information systems , 2007, Decis. Support Syst..

[45]  Jorge Lobo,et al.  Policies for Distributed Systems and Networks , 2001, Lecture Notes in Computer Science.

[46]  Ravi S. Sandhu,et al.  PBDM: a flexible delegation model in RBAC , 2003, SACMAT '03.

[47]  Babak Sadighi Firozabadi,et al.  Overriding of Access Control in XACML , 2007, Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07).

[48]  Achim D. Brucker,et al.  Extending access control models with break-glass , 2009, SACMAT '09.

[49]  Muhammad Ali Babar,et al.  Systematic reviews in software engineering: An empirical investigation , 2013, Inf. Softw. Technol..

[50]  Vijayalakshmi Atluri,et al.  Role-based Access Control , 1992 .

[51]  Pearl Brereton,et al.  Systematic literature reviews in software engineering - A systematic literature review , 2009, Inf. Softw. Technol..

[52]  Barbara Carminati,et al.  Secure Information Sharing on Support of Emergency Management , 2011, 2011 IEEE Third Int'l Conference on Privacy, Security, Risk and Trust and 2011 IEEE Third Int'l Conference on Social Computing.

[53]  François Charoy,et al.  Dynamic Authorisation Policies for Event-Based Task Delegation , 2010, CAiSE.

[54]  Marek J. Sergot,et al.  Discretionary Overriding of Access Control in the Privilege Calculus , 2004, Formal Aspects in Security and Trust.

[55]  Erik Rissanen Towards a Mechanism for Discretionary Overriding of Access Control (Transcript of Discussion) , 2004, Security Protocols Workshop.

[56]  Andreas Schaad,et al.  Delegation of obligations , 2002, Proceedings Third International Workshop on Policies for Distributed Systems and Networks.

[57]  Nora Cuppens-Boulahia,et al.  Negotiating and delegating obligations , 2010, MEDES.

[58]  David D. Clark,et al.  A Comparison of Commercial and Military Computer Security Policies , 1987, 1987 IEEE Symposium on Security and Privacy.