SlideShare ist ein Scribd-Unternehmen logo

Extending Access Control Models with Break-glass

Achim D. Brucker
Achim D. Brucker

Access control models are usually static, i.e., permissions are granted based on a policy that only changes seldom. Especially for scenarios in health care and disaster management, a more flexible support of access control, i.e., the underlying policy, is needed. Break-glass is one approach for such a flexible support of policies which helps to prevent system stagnation that could harm lives or otherwise result in losses. Today, break-glass techniques are usually added on top of standard access control solutions in an ad-hoc manner and, therefore, lack an integration into the underlying access control paradigm and the systems' access control enforcement architecture. We present an approach for integrating, in a fine-grained manner, break-glass strategies into standard access control models and their accompanying enforcement architecture. This integration provides means for specifying break-glass policies precisely and supporting model-driven development techniques based on such policies.

TechnologieBusiness
1 von 33
Downloaden Sie, um offline zu lesen
Extending Access Control Models with Break-glass Achim D. Brucker Helmut Petritsch {achim.brucker, helmut.petritsch}@sap.com Vincenz-Priessnitz-Str. ,  Karlsruhe, Germany ACM Symposium on Access Control Models and Technologies (SACMAT ) Stresa, Italy, th June 
Outline  Motivation  Break-glass: The Main Idea  A Generic Architecture Supporting Break-glass  Extending Model-driven Security  Conclusion and Future Work
Motivation Our Vision Assume, we are a nurse trying to access the patient record of Peter Meier ... A.D. Brucker and H. Petritsch (SAP Research) Access Control Models with Break-glass SACMAT  
Motivation Our Vision A.D. Brucker and H. Petritsch (SAP Research) Access Control Models with Break-glass SACMAT  
Motivation Our Vision A.D. Brucker and H. Petritsch (SAP Research) Access Control Models with Break-glass SACMAT  
Motivation Break-glass or Overriding Access Control While often motivated with health care or public security scenarios, also enterprises demand break-glass solutions: for preventing stagnation on the system administration level and for preventing stagnation on the business process level. In fact, state of the art enterprise systems support break-glass, e.g., Virsa Firefighter for SAP, Oracle’s Role Manager. A.D. Brucker and H. Petritsch (SAP Research) Access Control Models with Break-glass SACMAT  
Motivation The Situation Today Mostly implemented using pre-staged accounts that are either stored in sealed covers or electronically issued on request. Break-glass solutions should cover the creation of break-glass accounts, the distribution pre-staged accounts, the monitoring of the use of break-glass accounts, and the cleanup after an break-glass situation. This solution is quite coarse-grained and not integrated into regular access control. A.D. Brucker and H. Petritsch (SAP Research) Access Control Models with Break-glass SACMAT  
Outline  Motivation  Break-glass: The Main Idea  A Generic Architecture Supporting Break-glass  Extending Model-driven Security  Conclusion and Future Work
Break-glass: The Main Idea Observations and Goals During discussions with end users, we observed: depending on the situation, different overrides can be justified some restrictions can never be overridden The two main design goals are: access-control decisions should be overrideable on a per permission basis and fine-grained configuration of the restrictions that can be overridden. A.D. Brucker and H. Petritsch (SAP Research) Access Control Models with Break-glass SACMAT  
Break-glass: The Main Idea Emergeny Levels Definition A policy p refines a policy p′ (written p ⊑ p′) if and only if the set of system traces that are allowed under p is a subset of the system traces that are allowed under p′. A policy p refines a policy p′ iff p is at least as restrictive as p′. p⊺ is the policy that allows all actions and p– is the policy that denies all actions. p– refines all policies and every policy is a refinement of p⊺. PA be the set of all policies of the access control model A. (PA, ⊑, p–, p⊺) is a lattice. A.D. Brucker and H. Petritsch (SAP Research) Access Control Models with Break-glass SACMAT  
Break-glass: The Main Idea Regular Policies and Emergeny Policies Definition We refer to the regular policy, i. e., the policy that should be obeyed in normal operations, as preg and we refer to the set of policies that are refined by the regular policy, i. e., LA = {p ∣ p ∈ PA ∧ preg ⊑ p ∧ p ≠ preg } as emergency levels or emergency policies of the policy preg. We require that (PA ∖ p–, ⊑, preg, p⊺) is a lattice, i. e., inf(PA ∖ p–) = preg. An emergency level can be active or inactive. Only active emergency levels contribute to the access control decision. The regular policy is always active. A.D. Brucker and H. Petritsch (SAP Research) Access Control Models with Break-glass SACMAT  
Break-glass: The Main Idea Hierarchical Break-glass Access Control An access that is only granted by an emergency policy ℓ ∈ LA is called override access. Override accesses are only granted if there is an active policy granting access. Obligations can be attached to an (emergency) policy, i.e., requiring user confirmations or for activating monitoring. By evaluating the policies in topological order, the refinement relation holds by construction! A.D. Brucker and H. Petritsch (SAP Research) Access Control Models with Break-glass SACMAT  
Outline  Motivation  Break-glass: The Main Idea  A Generic Architecture Supporting Break-glass  Extending Model-driven Security  Conclusion and Future Work
A Generic Architecture Supporting Break-glass Break-glass Architecture: Main Idea The break-glass policy combination strategy can be implemented by a meta PDP. The Break-glass PDP implements the break-glass policy combination strategy on top of existing PDPs User confirmations can be implemented using obligations: the various PDPs need to support obligations the various PEPs need to support obligations the user interface needs to support confirmation requests Break-glass does not impose restrictions on the underlying access control model! A.D. Brucker and H. Petritsch (SAP Research) Access Control Models with Break-glass SACMAT  
A Generic Architecture Supporting Break-glass A Generic Break-glass Architecture User Interface Confirmation Handler Obligation Support Protected Resource PEP Break-glass PDP Single Sign-on Existing PDP(s) Obligation Support Policy Manager Authentication 1 4 2 3 3 3a 3b A.D. Brucker and H. Petritsch (SAP Research) Access Control Models with Break-glass SACMAT  
Outline  Motivation  Break-glass: The Main Idea  A Generic Architecture Supporting Break-glass  Extending Model-driven Security  Conclusion and Future Work
Extending Model-driven Security The Model-driven Security Vision A Tool-supported and Security-aware Formal Model-driven Engineering Process 1..∗ Role Class + Public Method # Protected Method attribute: Type − Private Method Class + Public Method # Protected Method attribute: Type − Private Method Class + Public Method # Protected Method attribute: Type − Private Method Model Transformation Design Phase Phase Verification and Code−generation Phase Deployment Phase Testing and UML/OCL (XMI) or SecureUML/OCL Code Generator Repository Model (su4sml) Model−Analysis and Verification (HOL−OCL) Transformation Model HOL−TestGen ArgoUML AC Config C# +OCL Test Harness manual Code Proof Obligations Test Data Program Generation Validation A.D. Brucker and H. Petritsch (SAP Research) Access Control Models with Break-glass SACMAT  
Extending Model-driven Security The Model-driven Security Vision A Tool-supported and Security-aware Formal Model-driven Engineering Process 1..∗ Role Class + Public Method # Protected Method attribute: Type − Private Method Class + Public Method # Protected Method attribute: Type − Private Method Class + Public Method # Protected Method attribute: Type − Private Method Model Transformation Design Phase Phase Verification and Code−generation Phase Deployment Phase Testing and UML/OCL (XMI) or SecureUML/OCL Code Generator Repository Model (su4sml) Model−Analysis and Verification (HOL−OCL) Transformation Model HOL−TestGen ArgoUML AC Config C# +OCL Test Harness manual Code Proof Obligations Test Data Program Generation Validation Generic SecureUML ArgoUML−plugin A.D. Brucker and H. Petritsch (SAP Research) Access Control Models with Break-glass SACMAT  
Extending Model-driven Security The Model-driven Security Vision A Tool-supported and Security-aware Formal Model-driven Engineering Process 1..∗ Role Class + Public Method # Protected Method attribute: Type − Private Method Class + Public Method # Protected Method attribute: Type − Private Method Class + Public Method # Protected Method attribute: Type − Private Method Model Transformation Design Phase Phase Verification and Code−generation Phase Deployment Phase Testing and UML/OCL (XMI) or SecureUML/OCL Code Generator Repository Model (su4sml) Model−Analysis and Verification (HOL−OCL) Transformation Model HOL−TestGen ArgoUML AC Config C# +OCL Test Harness manual Code Proof Obligations Test Data Program Generation Validation Transformations: SecureUML −> UML/OCL UML/OCL −> UML/OCL A.D. Brucker and H. Petritsch (SAP Research) Access Control Models with Break-glass SACMAT  
Extending Model-driven Security The Model-driven Security Vision A Tool-supported and Security-aware Formal Model-driven Engineering Process 1..∗ Role Class + Public Method # Protected Method attribute: Type − Private Method Class + Public Method # Protected Method attribute: Type − Private Method Class + Public Method # Protected Method attribute: Type − Private Method Model Transformation Design Phase Phase Verification and Code−generation Phase Deployment Phase Testing and UML/OCL (XMI) or SecureUML/OCL Code Generator Repository Model (su4sml) Model−Analysis and Verification (HOL−OCL) Transformation Model HOL−TestGen ArgoUML AC Config C# +OCL Test Harness manual Code Proof Obligations Test Data Program Generation Validation Code Generator SecureUML, UML, OCL Java, C#, Junit, XACL, USE, ... A.D. Brucker and H. Petritsch (SAP Research) Access Control Models with Break-glass SACMAT  
Extending Model-driven Security The Model-driven Security Vision A Tool-supported and Security-aware Formal Model-driven Engineering Process 1..∗ Role Class + Public Method # Protected Method attribute: Type − Private Method Class + Public Method # Protected Method attribute: Type − Private Method Class + Public Method # Protected Method attribute: Type − Private Method Model Transformation Design Phase Phase Verification and Code−generation Phase Deployment Phase Testing and UML/OCL (XMI) or SecureUML/OCL Code Generator Repository Model (su4sml) Model−Analysis and Verification (HOL−OCL) Transformation Model HOL−TestGen ArgoUML AC Config C# +OCL Test Harness manual Code Proof Obligations Test Data Program Generation Validation HOL−OCL formal analysis formal verification A.D. Brucker and H. Petritsch (SAP Research) Access Control Models with Break-glass SACMAT  
Extending Model-driven Security The Model-driven Security Vision A Tool-supported and Security-aware Formal Model-driven Engineering Process 1..∗ Role Class + Public Method # Protected Method attribute: Type − Private Method Class + Public Method # Protected Method attribute: Type − Private Method Class + Public Method # Protected Method attribute: Type − Private Method Model Transformation Design Phase Phase Verification and Code−generation Phase Deployment Phase Testing and UML/OCL (XMI) or SecureUML/OCL Code Generator Repository Model (su4sml) Model−Analysis and Verification (HOL−OCL) Transformation Model HOL−TestGen ArgoUML AC Config C# +OCL Test Harness manual Code Proof Obligations Test Data Program Generation Validation HOL−TestGen model−based unit test sequence testing A.D. Brucker and H. Petritsch (SAP Research) Access Control Models with Break-glass SACMAT  
Extending Model-driven Security The Model-driven Security Vision A Tool-supported and Security-aware Formal Model-driven Engineering Process 1..∗ Role Class + Public Method # Protected Method attribute: Type − Private Method Class + Public Method # Protected Method attribute: Type − Private Method Class + Public Method # Protected Method attribute: Type − Private Method Model Transformation Design Phase Phase Verification and Code−generation Phase Deployment Phase Testing and UML/OCL (XMI) or SecureUML/OCL Code Generator Repository Model (su4sml) Model−Analysis and Verification (HOL−OCL) Transformation Model HOL−TestGen ArgoUML AC Config C# +OCL Test Harness manual Code Proof Obligations Test Data Program Generation Validation A.D. Brucker and H. Petritsch (SAP Research) Access Control Models with Break-glass SACMAT  
Extending Model-driven Security SecureUML Subject Group User Role Permission AuthorizationConstraint Action AtomicAction CompositeAction Resource 0..* 0..* 1..* 0..* 0..* 1..* 0..* 0..* 0..* 0..* 0..* 0..* 0..1 0..* 0..* SecureUML is a UML-based notation, provides abstract Syntax given by MOF compliant metamodel, is pluggable into arbitrary design modeling languages, is supported by an ArgoUML plugin. A.D. Brucker and H. Petritsch (SAP Research) Access Control Models with Break-glass SACMAT  
Extending Model-driven Security SecureUML Subject Group User Role Permission AuthorizationConstraint Action AtomicAction CompositeAction Resource 0..* 0..* 1..* 0..* 0..* 1..* 0..* 0..* 0..* 0..* 0..* 0..* 0..1 0..* 0..* Policy Obligation 1..* 0..* 1..* 0..* 0..* 0..* SecureUML is a UML-based notation, provides abstract Syntax given by MOF compliant metamodel, is pluggable into arbitrary design modeling languages, is supported by an ArgoUML plugin. can easily be extended with support for break-glass. A.D. Brucker and H. Petritsch (SAP Research) Access Control Models with Break-glass SACMAT  
Extending Model-driven Security Modeling Access Control with SecureUML MedicalRecord disease:String medication:String read():OclVoid update():OclVoid create():OclVoid Patient name:String 0..* owner 1 «secureuml.role» UserRole «secureuml.role» AdministratorRole «secureuml.permission» OwnerMedicalRecord MedicalRecord:read MedicalRecord:update MedicalRecord:delete caller=self.owner.name «secureuml.policy» LowEmergencyLevel «secureuml.policy» HighEmergencyLevel «secureuml.permission» EmergencyOwnerMedicalRecord MedicalRecord:read A.D. Brucker and H. Petritsch (SAP Research) Access Control Models with Break-glass SACMAT  
Extending Model-driven Security ArgoUML Support A.D. Brucker and H. Petritsch (SAP Research) Access Control Models with Break-glass SACMAT  
Extending Model-driven Security ArgoUML Support A.D. Brucker and H. Petritsch (SAP Research) Access Control Models with Break-glass SACMAT  
Extending Model-driven Security Code Generation (Java and XACML) In case of XACML, we can generate the policies and the PDP configuration. In particular, we sort the policies topological, use the “first-applicable” combining algorithm of XACML, and exploit the obligations support of XACML. With respect to the application, we generate (stubs of) the business logic, the calls to PDP, and the PEP. A.D. Brucker and H. Petritsch (SAP Research) Access Control Models with Break-glass SACMAT  
Outline  Motivation  Break-glass: The Main Idea  A Generic Architecture Supporting Break-glass  Extending Model-driven Security  Conclusion and Future Work
Conclusion and Future Work Conclusion and Future Work We presented a a generic break-glass model that allows the fine-grained, overriding of access control decisions, an generic architecture for implementing break-glass, an extension of SecureUML supporting break-glass, and the mapping of break-glass to XACML Future work includes the integration and development of analysis techniques for user providing feedback to the user, break-glass concepts for IT compliance, and techniques for a posteriori analysis of incidents. A.D. Brucker and H. Petritsch (SAP Research) Access Control Models with Break-glass SACMAT  
Thank you for your attention! Any questions or remarks?
Bibliography Bibliography Achim D. Brucker and Helmut Petritsch. Extending access control models with break-glass. In ACM symposium on access control models and technologies (SACMAT), pages –. ACM Press, . A.D. Brucker and H. Petritsch (SAP Research) Access Control Models with Break-glass SACMAT  

Empfohlen

Dont break the glass
Dont break the glassDont break the glass
Dont break the glassJohn Kinsella
 
Docker, Linux Containers (LXC), and security
Docker, Linux Containers (LXC), and securityDocker, Linux Containers (LXC), and security
Docker, Linux Containers (LXC), and securityJérôme Petazzoni
 
Security patterns and model driven architecture
Security patterns and model driven architectureSecurity patterns and model driven architecture
Security patterns and model driven architecturebdemchak
 
NWC 2015 - Critical - Path Simulation
NWC 2015 - Critical - Path Simulation NWC 2015 - Critical - Path Simulation
NWC 2015 - Critical - Path Simulation Jennifer Day
 
Model-based Conformance Testing of Security Properties
Model-based Conformance Testing of Security PropertiesModel-based Conformance Testing of Security Properties
Model-based Conformance Testing of Security PropertiesAchim D. Brucker
 
Formal Methods for Dependable Neural Networks
Formal Methods for Dependable Neural Networks Formal Methods for Dependable Neural Networks
Formal Methods for Dependable Neural Networks Chih-Hong Cheng
 
On the Transition from Design Time to Runtime Model-Based Assurance Cases
On the Transition from Design Time to Runtime Model-Based Assurance CasesOn the Transition from Design Time to Runtime Model-Based Assurance Cases
On the Transition from Design Time to Runtime Model-Based Assurance CasesRan Wei
 
PythonQuants conference - QuantUniversity presentation - Stress Testing in th...
PythonQuants conference - QuantUniversity presentation - Stress Testing in th...PythonQuants conference - QuantUniversity presentation - Stress Testing in th...
PythonQuants conference - QuantUniversity presentation - Stress Testing in th...QuantUniversity
 

Empfohlen

Dont break the glass
Dont break the glassDont break the glass
Dont break the glassJohn Kinsella
 
Docker, Linux Containers (LXC), and security
Docker, Linux Containers (LXC), and securityDocker, Linux Containers (LXC), and security
Docker, Linux Containers (LXC), and securityJérôme Petazzoni
 
Security patterns and model driven architecture
Security patterns and model driven architectureSecurity patterns and model driven architecture
Security patterns and model driven architecturebdemchak
 
NWC 2015 - Critical - Path Simulation
NWC 2015 - Critical - Path Simulation NWC 2015 - Critical - Path Simulation
NWC 2015 - Critical - Path Simulation Jennifer Day
 
Model-based Conformance Testing of Security Properties
Model-based Conformance Testing of Security PropertiesModel-based Conformance Testing of Security Properties
Model-based Conformance Testing of Security PropertiesAchim D. Brucker
 
Formal Methods for Dependable Neural Networks
Formal Methods for Dependable Neural Networks Formal Methods for Dependable Neural Networks
Formal Methods for Dependable Neural Networks Chih-Hong Cheng
 
On the Transition from Design Time to Runtime Model-Based Assurance Cases
On the Transition from Design Time to Runtime Model-Based Assurance CasesOn the Transition from Design Time to Runtime Model-Based Assurance Cases
On the Transition from Design Time to Runtime Model-Based Assurance CasesRan Wei
 
PythonQuants conference - QuantUniversity presentation - Stress Testing in th...
PythonQuants conference - QuantUniversity presentation - Stress Testing in th...PythonQuants conference - QuantUniversity presentation - Stress Testing in th...
PythonQuants conference - QuantUniversity presentation - Stress Testing in th...QuantUniversity
 
DBMask: Fine-Grained Access Control on Encrypted Relational Databases
DBMask: Fine-Grained Access Control on Encrypted Relational DatabasesDBMask: Fine-Grained Access Control on Encrypted Relational Databases
DBMask: Fine-Grained Access Control on Encrypted Relational DatabasesMateus S. H. Cruz
 
140910-doverick-agile103.pdf
140910-doverick-agile103.pdf140910-doverick-agile103.pdf
140910-doverick-agile103.pdfmiaoli35
 
م.80-مبادرة #تواصل_تطويرم.أحمد سعيد رفاعهى-دورة حياة تقدير التكلفة بمشروعات ا...
م.80-مبادرة #تواصل_تطويرم.أحمد سعيد رفاعهى-دورة حياة تقدير التكلفة بمشروعات ا...م.80-مبادرة #تواصل_تطويرم.أحمد سعيد رفاعهى-دورة حياة تقدير التكلفة بمشروعات ا...
م.80-مبادرة #تواصل_تطويرم.أحمد سعيد رفاعهى-دورة حياة تقدير التكلفة بمشروعات ا...Egyptian Engineers Association
 
From Model-based to Model and Simulation-based Systems Architectures
From Model-based to Model and Simulation-based Systems ArchitecturesFrom Model-based to Model and Simulation-based Systems Architectures
From Model-based to Model and Simulation-based Systems ArchitecturesObeo
 
Cybernetics in supply chain management
Cybernetics in supply chain managementCybernetics in supply chain management
Cybernetics in supply chain managementLuis Cabrera
 
Securing your Machine Learning models
Securing your Machine Learning modelsSecuring your Machine Learning models
Securing your Machine Learning modelsPhilipBasford
 
Chapter 08
Chapter 08Chapter 08
Chapter 08guru3188
 
Wp6 public
Wp6 publicWp6 public
Wp6 publicPrivacy Data Protection for Engineering
 
Vipul Kocher - Software Testing, A Framework Based Approach
Vipul Kocher - Software Testing, A Framework Based ApproachVipul Kocher - Software Testing, A Framework Based Approach
Vipul Kocher - Software Testing, A Framework Based ApproachTEST Huddle
 
System Engineering with Project & Risk Management
System Engineering with Project & Risk ManagementSystem Engineering with Project & Risk Management
System Engineering with Project & Risk ManagementRAMKUMAR P
 
Prototyping
PrototypingPrototyping
PrototypingIfa Laili
 
openEHR China Localization working group
openEHR China Localization working groupopenEHR China Localization working group
openEHR China Localization working groupxudong_lu
 
JamesSticky NoteThis is an introduction to a volume of t.docx
JamesSticky NoteThis is an introduction to a volume of t.docxJamesSticky NoteThis is an introduction to a volume of t.docx
JamesSticky NoteThis is an introduction to a volume of t.docxchristiandean12115
 
Peter Zimmerer - Evolve Design For Testability To The Next Level - EuroSTAR 2012
Peter Zimmerer - Evolve Design For Testability To The Next Level - EuroSTAR 2012Peter Zimmerer - Evolve Design For Testability To The Next Level - EuroSTAR 2012
Peter Zimmerer - Evolve Design For Testability To The Next Level - EuroSTAR 2012TEST Huddle
 
expert systems
expert systemsexpert systems
expert systemsVarun Tumati
 
Finalpresentation 120711124135-phpapp02
Finalpresentation 120711124135-phpapp02Finalpresentation 120711124135-phpapp02
Finalpresentation 120711124135-phpapp02Bhargava Dutt
 
How Romanian companies are developing secure applications on Azure.pptx
How Romanian companies are developing secure applications on Azure.pptxHow Romanian companies are developing secure applications on Azure.pptx
How Romanian companies are developing secure applications on Azure.pptxRadu Vunvulea
 
Cloud bursting methodology
Cloud bursting methodologyCloud bursting methodology
Cloud bursting methodologyJonathan Spindel
 
How to Build an Early Warning System to Harness Predictability and Win in the...
How to Build an Early Warning System to Harness Predictability and Win in the...How to Build an Early Warning System to Harness Predictability and Win in the...
How to Build an Early Warning System to Harness Predictability and Win in the...IntelCollab.com
 
An Approach for cloud-based Situational Analysis for factories providing real...
An Approach for cloud-based Situational Analysis for factories providing real...An Approach for cloud-based Situational Analysis for factories providing real...
An Approach for cloud-based Situational Analysis for factories providing real...Sebastian Scholze
 
Usable Security for Developers: A Nightmare
Usable Security for Developers: A NightmareUsable Security for Developers: A Nightmare
Usable Security for Developers: A NightmareAchim D. Brucker
 
Formalizing (Web) Standards: An Application of Test and Proof
Formalizing (Web) Standards: An Application of Test and ProofFormalizing (Web) Standards: An Application of Test and Proof
Formalizing (Web) Standards: An Application of Test and ProofAchim D. Brucker
 

Weitere ähnliche Inhalte

Ähnlich wie Extending Access Control Models with Break-glass

DBMask: Fine-Grained Access Control on Encrypted Relational Databases
DBMask: Fine-Grained Access Control on Encrypted Relational DatabasesDBMask: Fine-Grained Access Control on Encrypted Relational Databases
DBMask: Fine-Grained Access Control on Encrypted Relational DatabasesMateus S. H. Cruz
 
140910-doverick-agile103.pdf
140910-doverick-agile103.pdf140910-doverick-agile103.pdf
140910-doverick-agile103.pdfmiaoli35
 
م.80-مبادرة #تواصل_تطويرم.أحمد سعيد رفاعهى-دورة حياة تقدير التكلفة بمشروعات ا...
م.80-مبادرة #تواصل_تطويرم.أحمد سعيد رفاعهى-دورة حياة تقدير التكلفة بمشروعات ا...م.80-مبادرة #تواصل_تطويرم.أحمد سعيد رفاعهى-دورة حياة تقدير التكلفة بمشروعات ا...
م.80-مبادرة #تواصل_تطويرم.أحمد سعيد رفاعهى-دورة حياة تقدير التكلفة بمشروعات ا...Egyptian Engineers Association
 
From Model-based to Model and Simulation-based Systems Architectures
From Model-based to Model and Simulation-based Systems ArchitecturesFrom Model-based to Model and Simulation-based Systems Architectures
From Model-based to Model and Simulation-based Systems ArchitecturesObeo
 
Cybernetics in supply chain management
Cybernetics in supply chain managementCybernetics in supply chain management
Cybernetics in supply chain managementLuis Cabrera
 
Securing your Machine Learning models
Securing your Machine Learning modelsSecuring your Machine Learning models
Securing your Machine Learning modelsPhilipBasford
 
Chapter 08
Chapter 08Chapter 08
Chapter 08guru3188
 
Vipul Kocher - Software Testing, A Framework Based Approach
Vipul Kocher - Software Testing, A Framework Based ApproachVipul Kocher - Software Testing, A Framework Based Approach
Vipul Kocher - Software Testing, A Framework Based ApproachTEST Huddle
 
System Engineering with Project & Risk Management
System Engineering with Project & Risk ManagementSystem Engineering with Project & Risk Management
System Engineering with Project & Risk ManagementRAMKUMAR P
 
openEHR China Localization working group
openEHR China Localization working groupopenEHR China Localization working group
openEHR China Localization working groupxudong_lu
 
JamesSticky NoteThis is an introduction to a volume of t.docx
JamesSticky NoteThis is an introduction to a volume of t.docxJamesSticky NoteThis is an introduction to a volume of t.docx
JamesSticky NoteThis is an introduction to a volume of t.docxchristiandean12115
 
Peter Zimmerer - Evolve Design For Testability To The Next Level - EuroSTAR 2012
Peter Zimmerer - Evolve Design For Testability To The Next Level - EuroSTAR 2012Peter Zimmerer - Evolve Design For Testability To The Next Level - EuroSTAR 2012
Peter Zimmerer - Evolve Design For Testability To The Next Level - EuroSTAR 2012TEST Huddle
 
Finalpresentation 120711124135-phpapp02
Finalpresentation 120711124135-phpapp02Finalpresentation 120711124135-phpapp02
Finalpresentation 120711124135-phpapp02Bhargava Dutt
 
How Romanian companies are developing secure applications on Azure.pptx
How Romanian companies are developing secure applications on Azure.pptxHow Romanian companies are developing secure applications on Azure.pptx
How Romanian companies are developing secure applications on Azure.pptxRadu Vunvulea
 
Cloud bursting methodology
Cloud bursting methodologyCloud bursting methodology
Cloud bursting methodologyJonathan Spindel
 
How to Build an Early Warning System to Harness Predictability and Win in the...
How to Build an Early Warning System to Harness Predictability and Win in the...How to Build an Early Warning System to Harness Predictability and Win in the...
How to Build an Early Warning System to Harness Predictability and Win in the...IntelCollab.com
 
An Approach for cloud-based Situational Analysis for factories providing real...
An Approach for cloud-based Situational Analysis for factories providing real...An Approach for cloud-based Situational Analysis for factories providing real...
An Approach for cloud-based Situational Analysis for factories providing real...Sebastian Scholze
 

Ähnlich wie Extending Access Control Models with Break-glass (20)

DBMask: Fine-Grained Access Control on Encrypted Relational Databases
DBMask: Fine-Grained Access Control on Encrypted Relational DatabasesDBMask: Fine-Grained Access Control on Encrypted Relational Databases
DBMask: Fine-Grained Access Control on Encrypted Relational Databases
 
140910-doverick-agile103.pdf
140910-doverick-agile103.pdf140910-doverick-agile103.pdf
140910-doverick-agile103.pdf
 
م.80-مبادرة #تواصل_تطويرم.أحمد سعيد رفاعهى-دورة حياة تقدير التكلفة بمشروعات ا...
م.80-مبادرة #تواصل_تطويرم.أحمد سعيد رفاعهى-دورة حياة تقدير التكلفة بمشروعات ا...م.80-مبادرة #تواصل_تطويرم.أحمد سعيد رفاعهى-دورة حياة تقدير التكلفة بمشروعات ا...
م.80-مبادرة #تواصل_تطويرم.أحمد سعيد رفاعهى-دورة حياة تقدير التكلفة بمشروعات ا...
 
From Model-based to Model and Simulation-based Systems Architectures
From Model-based to Model and Simulation-based Systems ArchitecturesFrom Model-based to Model and Simulation-based Systems Architectures
From Model-based to Model and Simulation-based Systems Architectures
 
Cybernetics in supply chain management
Cybernetics in supply chain managementCybernetics in supply chain management
Cybernetics in supply chain management
 
Securing your Machine Learning models
Securing your Machine Learning modelsSecuring your Machine Learning models
Securing your Machine Learning models
 
Chapter 08
Chapter 08Chapter 08
Chapter 08
 
Wp6 public
Wp6 publicWp6 public
Wp6 public
 
Vipul Kocher - Software Testing, A Framework Based Approach
Vipul Kocher - Software Testing, A Framework Based ApproachVipul Kocher - Software Testing, A Framework Based Approach
Vipul Kocher - Software Testing, A Framework Based Approach
 
System Engineering with Project & Risk Management
System Engineering with Project & Risk ManagementSystem Engineering with Project & Risk Management
System Engineering with Project & Risk Management
 
Prototyping
PrototypingPrototyping
Prototyping
 
openEHR China Localization working group
openEHR China Localization working groupopenEHR China Localization working group
openEHR China Localization working group
 
JamesSticky NoteThis is an introduction to a volume of t.docx
JamesSticky NoteThis is an introduction to a volume of t.docxJamesSticky NoteThis is an introduction to a volume of t.docx
JamesSticky NoteThis is an introduction to a volume of t.docx
 
Peter Zimmerer - Evolve Design For Testability To The Next Level - EuroSTAR 2012
Peter Zimmerer - Evolve Design For Testability To The Next Level - EuroSTAR 2012Peter Zimmerer - Evolve Design For Testability To The Next Level - EuroSTAR 2012
Peter Zimmerer - Evolve Design For Testability To The Next Level - EuroSTAR 2012
 
expert systems
expert systemsexpert systems
expert systems
 
Finalpresentation 120711124135-phpapp02
Finalpresentation 120711124135-phpapp02Finalpresentation 120711124135-phpapp02
Finalpresentation 120711124135-phpapp02
 
How Romanian companies are developing secure applications on Azure.pptx
How Romanian companies are developing secure applications on Azure.pptxHow Romanian companies are developing secure applications on Azure.pptx
How Romanian companies are developing secure applications on Azure.pptx
 
Cloud bursting methodology
Cloud bursting methodologyCloud bursting methodology
Cloud bursting methodology
 
How to Build an Early Warning System to Harness Predictability and Win in the...
How to Build an Early Warning System to Harness Predictability and Win in the...How to Build an Early Warning System to Harness Predictability and Win in the...
How to Build an Early Warning System to Harness Predictability and Win in the...
 
An Approach for cloud-based Situational Analysis for factories providing real...
An Approach for cloud-based Situational Analysis for factories providing real...An Approach for cloud-based Situational Analysis for factories providing real...
An Approach for cloud-based Situational Analysis for factories providing real...
 

Mehr von Achim D. Brucker

Usable Security for Developers: A Nightmare
Usable Security for Developers: A NightmareUsable Security for Developers: A Nightmare
Usable Security for Developers: A NightmareAchim D. Brucker
 
Formalizing (Web) Standards: An Application of Test and Proof
Formalizing (Web) Standards: An Application of Test and ProofFormalizing (Web) Standards: An Application of Test and Proof
Formalizing (Web) Standards: An Application of Test and ProofAchim D. Brucker
 
Your (not so) smart TV is currently busy with taking down the Internet
Your (not so) smart TV is currently busy with taking down the InternetYour (not so) smart TV is currently busy with taking down the Internet
Your (not so) smart TV is currently busy with taking down the InternetAchim D. Brucker
 
Combining the Security Risks of Native and Web Development: Hybrid Apps
Combining the Security Risks of Native and Web Development: Hybrid AppsCombining the Security Risks of Native and Web Development: Hybrid Apps
Combining the Security Risks of Native and Web Development: Hybrid AppsAchim D. Brucker
 
The Evil Friend in Your Browser
The Evil Friend in Your BrowserThe Evil Friend in Your Browser
The Evil Friend in Your BrowserAchim D. Brucker
 
How to Enable Developers to Deliver Secure Code
How to Enable Developers to Deliver Secure CodeHow to Enable Developers to Deliver Secure Code
How to Enable Developers to Deliver Secure CodeAchim D. Brucker
 
Developing Secure Software: Experiences From an International Software Vendor
Developing Secure Software: Experiences From an International Software VendorDeveloping Secure Software: Experiences From an International Software Vendor
Developing Secure Software: Experiences From an International Software VendorAchim D. Brucker
 
Using Third Party Components for Building an Application Might be More Danger...
Using Third Party Components for Building an Application Might be More Danger...Using Third Party Components for Building an Application Might be More Danger...
Using Third Party Components for Building an Application Might be More Danger...Achim D. Brucker
 
On the Static Analysis of Hybrid Mobile Apps: A Report on the State of Apache...
On the Static Analysis of Hybrid Mobile Apps: A Report on the State of Apache...On the Static Analysis of Hybrid Mobile Apps: A Report on the State of Apache...
On the Static Analysis of Hybrid Mobile Apps: A Report on the State of Apache...Achim D. Brucker
 
Isabelle: Not Only a Proof Assistant
Isabelle: Not Only a Proof AssistantIsabelle: Not Only a Proof Assistant
Isabelle: Not Only a Proof AssistantAchim D. Brucker
 
Agile Secure Software Development in a Large Software Development Organisatio...
Agile Secure Software Development in a Large Software Development Organisatio...Agile Secure Software Development in a Large Software Development Organisatio...
Agile Secure Software Development in a Large Software Development Organisatio...Achim D. Brucker
 
Bringing Security Testing to Development: How to Enable Developers to Act as ...
Bringing Security Testing to Development: How to Enable Developers to Act as ...Bringing Security Testing to Development: How to Enable Developers to Act as ...
Bringing Security Testing to Development: How to Enable Developers to Act as ...Achim D. Brucker
 
Security Testing: Myths, Challenges, and Opportunities - Experiences in Integ...
Security Testing: Myths, Challenges, and Opportunities - Experiences in Integ...Security Testing: Myths, Challenges, and Opportunities - Experiences in Integ...
Security Testing: Myths, Challenges, and Opportunities - Experiences in Integ...Achim D. Brucker
 
Industrial Challenges of Secure Software Development
Industrial Challenges of Secure Software DevelopmentIndustrial Challenges of Secure Software Development
Industrial Challenges of Secure Software DevelopmentAchim D. Brucker
 
SAST for JavaScript: A Brief Overview of Commercial Tools
SAST for JavaScript: A Brief Overview of Commercial ToolsSAST for JavaScript: A Brief Overview of Commercial Tools
SAST for JavaScript: A Brief Overview of Commercial ToolsAchim D. Brucker
 
A Collection of Real World (JavaScript) Security Problems: Examples from 2 1/...
A Collection of Real World (JavaScript) Security Problems: Examples from 2 1/...A Collection of Real World (JavaScript) Security Problems: Examples from 2 1/...
A Collection of Real World (JavaScript) Security Problems: Examples from 2 1/...Achim D. Brucker
 
Deploying Static Application Security Testing on a Large Scale
Deploying Static Application Security Testing on a Large ScaleDeploying Static Application Security Testing on a Large Scale
Deploying Static Application Security Testing on a Large ScaleAchim D. Brucker
 
Service Compositions: Curse or Blessing for Security?
Service Compositions: Curse or Blessing for Security?Service Compositions: Curse or Blessing for Security?
Service Compositions: Curse or Blessing for Security?Achim D. Brucker
 
Encoding Object-oriented Datatypes in HOL: Extensible Records Revisited
Encoding Object-oriented Datatypes in HOL: Extensible Records RevisitedEncoding Object-oriented Datatypes in HOL: Extensible Records Revisited
Encoding Object-oriented Datatypes in HOL: Extensible Records RevisitedAchim D. Brucker
 
A Framework for Secure Service Composition
A Framework for Secure Service CompositionA Framework for Secure Service Composition
A Framework for Secure Service CompositionAchim D. Brucker
 

Mehr von Achim D. Brucker (20)

Usable Security for Developers: A Nightmare
Usable Security for Developers: A NightmareUsable Security for Developers: A Nightmare
Usable Security for Developers: A Nightmare
 
Formalizing (Web) Standards: An Application of Test and Proof
Formalizing (Web) Standards: An Application of Test and ProofFormalizing (Web) Standards: An Application of Test and Proof
Formalizing (Web) Standards: An Application of Test and Proof
 
Your (not so) smart TV is currently busy with taking down the Internet
Your (not so) smart TV is currently busy with taking down the InternetYour (not so) smart TV is currently busy with taking down the Internet
Your (not so) smart TV is currently busy with taking down the Internet
 
Combining the Security Risks of Native and Web Development: Hybrid Apps
Combining the Security Risks of Native and Web Development: Hybrid AppsCombining the Security Risks of Native and Web Development: Hybrid Apps
Combining the Security Risks of Native and Web Development: Hybrid Apps
 
The Evil Friend in Your Browser
The Evil Friend in Your BrowserThe Evil Friend in Your Browser
The Evil Friend in Your Browser
 
How to Enable Developers to Deliver Secure Code
How to Enable Developers to Deliver Secure CodeHow to Enable Developers to Deliver Secure Code
How to Enable Developers to Deliver Secure Code
 
Developing Secure Software: Experiences From an International Software Vendor
Developing Secure Software: Experiences From an International Software VendorDeveloping Secure Software: Experiences From an International Software Vendor
Developing Secure Software: Experiences From an International Software Vendor
 
Using Third Party Components for Building an Application Might be More Danger...
Using Third Party Components for Building an Application Might be More Danger...Using Third Party Components for Building an Application Might be More Danger...
Using Third Party Components for Building an Application Might be More Danger...
 
On the Static Analysis of Hybrid Mobile Apps: A Report on the State of Apache...
On the Static Analysis of Hybrid Mobile Apps: A Report on the State of Apache...On the Static Analysis of Hybrid Mobile Apps: A Report on the State of Apache...
On the Static Analysis of Hybrid Mobile Apps: A Report on the State of Apache...
 
Isabelle: Not Only a Proof Assistant
Isabelle: Not Only a Proof AssistantIsabelle: Not Only a Proof Assistant
Isabelle: Not Only a Proof Assistant
 
Agile Secure Software Development in a Large Software Development Organisatio...
Agile Secure Software Development in a Large Software Development Organisatio...Agile Secure Software Development in a Large Software Development Organisatio...
Agile Secure Software Development in a Large Software Development Organisatio...
 
Bringing Security Testing to Development: How to Enable Developers to Act as ...
Bringing Security Testing to Development: How to Enable Developers to Act as ...Bringing Security Testing to Development: How to Enable Developers to Act as ...
Bringing Security Testing to Development: How to Enable Developers to Act as ...
 
Security Testing: Myths, Challenges, and Opportunities - Experiences in Integ...
Security Testing: Myths, Challenges, and Opportunities - Experiences in Integ...Security Testing: Myths, Challenges, and Opportunities - Experiences in Integ...
Security Testing: Myths, Challenges, and Opportunities - Experiences in Integ...
 
Industrial Challenges of Secure Software Development
Industrial Challenges of Secure Software DevelopmentIndustrial Challenges of Secure Software Development
Industrial Challenges of Secure Software Development
 
SAST for JavaScript: A Brief Overview of Commercial Tools
SAST for JavaScript: A Brief Overview of Commercial ToolsSAST for JavaScript: A Brief Overview of Commercial Tools
SAST for JavaScript: A Brief Overview of Commercial Tools
 
A Collection of Real World (JavaScript) Security Problems: Examples from 2 1/...
A Collection of Real World (JavaScript) Security Problems: Examples from 2 1/...A Collection of Real World (JavaScript) Security Problems: Examples from 2 1/...
A Collection of Real World (JavaScript) Security Problems: Examples from 2 1/...
 
Deploying Static Application Security Testing on a Large Scale
Deploying Static Application Security Testing on a Large ScaleDeploying Static Application Security Testing on a Large Scale
Deploying Static Application Security Testing on a Large Scale
 
Service Compositions: Curse or Blessing for Security?
Service Compositions: Curse or Blessing for Security?Service Compositions: Curse or Blessing for Security?
Service Compositions: Curse or Blessing for Security?
 
Encoding Object-oriented Datatypes in HOL: Extensible Records Revisited
Encoding Object-oriented Datatypes in HOL: Extensible Records RevisitedEncoding Object-oriented Datatypes in HOL: Extensible Records Revisited
Encoding Object-oriented Datatypes in HOL: Extensible Records Revisited
 
A Framework for Secure Service Composition
A Framework for Secure Service CompositionA Framework for Secure Service Composition
A Framework for Secure Service Composition
 

Kürzlich hochgeladen

TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 

Kürzlich hochgeladen (20)

TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 

Extending Access Control Models with Break-glass

  • 1. Extending Access Control Models with Break-glass Achim D. Brucker Helmut Petritsch {achim.brucker, helmut.petritsch}@sap.com Vincenz-Priessnitz-Str. ,  Karlsruhe, Germany ACM Symposium on Access Control Models and Technologies (SACMAT ) Stresa, Italy, th June 
  • 2. Outline  Motivation  Break-glass: The Main Idea  A Generic Architecture Supporting Break-glass  Extending Model-driven Security  Conclusion and Future Work
  • 3. Motivation Our Vision Assume, we are a nurse trying to access the patient record of Peter Meier ... A.D. Brucker and H. Petritsch (SAP Research) Access Control Models with Break-glass SACMAT  
  • 4. Motivation Our Vision A.D. Brucker and H. Petritsch (SAP Research) Access Control Models with Break-glass SACMAT  
  • 5. Motivation Our Vision A.D. Brucker and H. Petritsch (SAP Research) Access Control Models with Break-glass SACMAT  
  • 6. Motivation Break-glass or Overriding Access Control While often motivated with health care or public security scenarios, also enterprises demand break-glass solutions: for preventing stagnation on the system administration level and for preventing stagnation on the business process level. In fact, state of the art enterprise systems support break-glass, e.g., Virsa Firefighter for SAP, Oracle’s Role Manager. A.D. Brucker and H. Petritsch (SAP Research) Access Control Models with Break-glass SACMAT  
  • 7. Motivation The Situation Today Mostly implemented using pre-staged accounts that are either stored in sealed covers or electronically issued on request. Break-glass solutions should cover the creation of break-glass accounts, the distribution pre-staged accounts, the monitoring of the use of break-glass accounts, and the cleanup after an break-glass situation. This solution is quite coarse-grained and not integrated into regular access control. A.D. Brucker and H. Petritsch (SAP Research) Access Control Models with Break-glass SACMAT  
  • 8. Outline  Motivation  Break-glass: The Main Idea  A Generic Architecture Supporting Break-glass  Extending Model-driven Security  Conclusion and Future Work
  • 9. Break-glass: The Main Idea Observations and Goals During discussions with end users, we observed: depending on the situation, different overrides can be justified some restrictions can never be overridden The two main design goals are: access-control decisions should be overrideable on a per permission basis and fine-grained configuration of the restrictions that can be overridden. A.D. Brucker and H. Petritsch (SAP Research) Access Control Models with Break-glass SACMAT  
  • 10. Break-glass: The Main Idea Emergeny Levels Definition A policy p refines a policy p′ (written p ⊑ p′) if and only if the set of system traces that are allowed under p is a subset of the system traces that are allowed under p′. A policy p refines a policy p′ iff p is at least as restrictive as p′. p⊺ is the policy that allows all actions and p– is the policy that denies all actions. p– refines all policies and every policy is a refinement of p⊺. PA be the set of all policies of the access control model A. (PA, ⊑, p–, p⊺) is a lattice. A.D. Brucker and H. Petritsch (SAP Research) Access Control Models with Break-glass SACMAT  
  • 11. Break-glass: The Main Idea Regular Policies and Emergeny Policies Definition We refer to the regular policy, i. e., the policy that should be obeyed in normal operations, as preg and we refer to the set of policies that are refined by the regular policy, i. e., LA = {p ∣ p ∈ PA ∧ preg ⊑ p ∧ p ≠ preg } as emergency levels or emergency policies of the policy preg. We require that (PA ∖ p–, ⊑, preg, p⊺) is a lattice, i. e., inf(PA ∖ p–) = preg. An emergency level can be active or inactive. Only active emergency levels contribute to the access control decision. The regular policy is always active. A.D. Brucker and H. Petritsch (SAP Research) Access Control Models with Break-glass SACMAT  
  • 12. Break-glass: The Main Idea Hierarchical Break-glass Access Control An access that is only granted by an emergency policy ℓ ∈ LA is called override access. Override accesses are only granted if there is an active policy granting access. Obligations can be attached to an (emergency) policy, i.e., requiring user confirmations or for activating monitoring. By evaluating the policies in topological order, the refinement relation holds by construction! A.D. Brucker and H. Petritsch (SAP Research) Access Control Models with Break-glass SACMAT  
  • 13. Outline  Motivation  Break-glass: The Main Idea  A Generic Architecture Supporting Break-glass  Extending Model-driven Security  Conclusion and Future Work
  • 14. A Generic Architecture Supporting Break-glass Break-glass Architecture: Main Idea The break-glass policy combination strategy can be implemented by a meta PDP. The Break-glass PDP implements the break-glass policy combination strategy on top of existing PDPs User confirmations can be implemented using obligations: the various PDPs need to support obligations the various PEPs need to support obligations the user interface needs to support confirmation requests Break-glass does not impose restrictions on the underlying access control model! A.D. Brucker and H. Petritsch (SAP Research) Access Control Models with Break-glass SACMAT  
  • 15. A Generic Architecture Supporting Break-glass A Generic Break-glass Architecture User Interface Confirmation Handler Obligation Support Protected Resource PEP Break-glass PDP Single Sign-on Existing PDP(s) Obligation Support Policy Manager Authentication 1 4 2 3 3 3a 3b A.D. Brucker and H. Petritsch (SAP Research) Access Control Models with Break-glass SACMAT  
  • 16. Outline  Motivation  Break-glass: The Main Idea  A Generic Architecture Supporting Break-glass  Extending Model-driven Security  Conclusion and Future Work
  • 17. Extending Model-driven Security The Model-driven Security Vision A Tool-supported and Security-aware Formal Model-driven Engineering Process 1..∗ Role Class + Public Method # Protected Method attribute: Type − Private Method Class + Public Method # Protected Method attribute: Type − Private Method Class + Public Method # Protected Method attribute: Type − Private Method Model Transformation Design Phase Phase Verification and Code−generation Phase Deployment Phase Testing and UML/OCL (XMI) or SecureUML/OCL Code Generator Repository Model (su4sml) Model−Analysis and Verification (HOL−OCL) Transformation Model HOL−TestGen ArgoUML AC Config C# +OCL Test Harness manual Code Proof Obligations Test Data Program Generation Validation A.D. Brucker and H. Petritsch (SAP Research) Access Control Models with Break-glass SACMAT  
  • 18. Extending Model-driven Security The Model-driven Security Vision A Tool-supported and Security-aware Formal Model-driven Engineering Process 1..∗ Role Class + Public Method # Protected Method attribute: Type − Private Method Class + Public Method # Protected Method attribute: Type − Private Method Class + Public Method # Protected Method attribute: Type − Private Method Model Transformation Design Phase Phase Verification and Code−generation Phase Deployment Phase Testing and UML/OCL (XMI) or SecureUML/OCL Code Generator Repository Model (su4sml) Model−Analysis and Verification (HOL−OCL) Transformation Model HOL−TestGen ArgoUML AC Config C# +OCL Test Harness manual Code Proof Obligations Test Data Program Generation Validation Generic SecureUML ArgoUML−plugin A.D. Brucker and H. Petritsch (SAP Research) Access Control Models with Break-glass SACMAT  
  • 19. Extending Model-driven Security The Model-driven Security Vision A Tool-supported and Security-aware Formal Model-driven Engineering Process 1..∗ Role Class + Public Method # Protected Method attribute: Type − Private Method Class + Public Method # Protected Method attribute: Type − Private Method Class + Public Method # Protected Method attribute: Type − Private Method Model Transformation Design Phase Phase Verification and Code−generation Phase Deployment Phase Testing and UML/OCL (XMI) or SecureUML/OCL Code Generator Repository Model (su4sml) Model−Analysis and Verification (HOL−OCL) Transformation Model HOL−TestGen ArgoUML AC Config C# +OCL Test Harness manual Code Proof Obligations Test Data Program Generation Validation Transformations: SecureUML −> UML/OCL UML/OCL −> UML/OCL A.D. Brucker and H. Petritsch (SAP Research) Access Control Models with Break-glass SACMAT  
  • 20. Extending Model-driven Security The Model-driven Security Vision A Tool-supported and Security-aware Formal Model-driven Engineering Process 1..∗ Role Class + Public Method # Protected Method attribute: Type − Private Method Class + Public Method # Protected Method attribute: Type − Private Method Class + Public Method # Protected Method attribute: Type − Private Method Model Transformation Design Phase Phase Verification and Code−generation Phase Deployment Phase Testing and UML/OCL (XMI) or SecureUML/OCL Code Generator Repository Model (su4sml) Model−Analysis and Verification (HOL−OCL) Transformation Model HOL−TestGen ArgoUML AC Config C# +OCL Test Harness manual Code Proof Obligations Test Data Program Generation Validation Code Generator SecureUML, UML, OCL Java, C#, Junit, XACL, USE, ... A.D. Brucker and H. Petritsch (SAP Research) Access Control Models with Break-glass SACMAT  
  • 21. Extending Model-driven Security The Model-driven Security Vision A Tool-supported and Security-aware Formal Model-driven Engineering Process 1..∗ Role Class + Public Method # Protected Method attribute: Type − Private Method Class + Public Method # Protected Method attribute: Type − Private Method Class + Public Method # Protected Method attribute: Type − Private Method Model Transformation Design Phase Phase Verification and Code−generation Phase Deployment Phase Testing and UML/OCL (XMI) or SecureUML/OCL Code Generator Repository Model (su4sml) Model−Analysis and Verification (HOL−OCL) Transformation Model HOL−TestGen ArgoUML AC Config C# +OCL Test Harness manual Code Proof Obligations Test Data Program Generation Validation HOL−OCL formal analysis formal verification A.D. Brucker and H. Petritsch (SAP Research) Access Control Models with Break-glass SACMAT  
  • 22. Extending Model-driven Security The Model-driven Security Vision A Tool-supported and Security-aware Formal Model-driven Engineering Process 1..∗ Role Class + Public Method # Protected Method attribute: Type − Private Method Class + Public Method # Protected Method attribute: Type − Private Method Class + Public Method # Protected Method attribute: Type − Private Method Model Transformation Design Phase Phase Verification and Code−generation Phase Deployment Phase Testing and UML/OCL (XMI) or SecureUML/OCL Code Generator Repository Model (su4sml) Model−Analysis and Verification (HOL−OCL) Transformation Model HOL−TestGen ArgoUML AC Config C# +OCL Test Harness manual Code Proof Obligations Test Data Program Generation Validation HOL−TestGen model−based unit test sequence testing A.D. Brucker and H. Petritsch (SAP Research) Access Control Models with Break-glass SACMAT  
  • 23. Extending Model-driven Security The Model-driven Security Vision A Tool-supported and Security-aware Formal Model-driven Engineering Process 1..∗ Role Class + Public Method # Protected Method attribute: Type − Private Method Class + Public Method # Protected Method attribute: Type − Private Method Class + Public Method # Protected Method attribute: Type − Private Method Model Transformation Design Phase Phase Verification and Code−generation Phase Deployment Phase Testing and UML/OCL (XMI) or SecureUML/OCL Code Generator Repository Model (su4sml) Model−Analysis and Verification (HOL−OCL) Transformation Model HOL−TestGen ArgoUML AC Config C# +OCL Test Harness manual Code Proof Obligations Test Data Program Generation Validation A.D. Brucker and H. Petritsch (SAP Research) Access Control Models with Break-glass SACMAT  
  • 24. Extending Model-driven Security SecureUML Subject Group User Role Permission AuthorizationConstraint Action AtomicAction CompositeAction Resource 0..* 0..* 1..* 0..* 0..* 1..* 0..* 0..* 0..* 0..* 0..* 0..* 0..1 0..* 0..* SecureUML is a UML-based notation, provides abstract Syntax given by MOF compliant metamodel, is pluggable into arbitrary design modeling languages, is supported by an ArgoUML plugin. A.D. Brucker and H. Petritsch (SAP Research) Access Control Models with Break-glass SACMAT  
  • 25. Extending Model-driven Security SecureUML Subject Group User Role Permission AuthorizationConstraint Action AtomicAction CompositeAction Resource 0..* 0..* 1..* 0..* 0..* 1..* 0..* 0..* 0..* 0..* 0..* 0..* 0..1 0..* 0..* Policy Obligation 1..* 0..* 1..* 0..* 0..* 0..* SecureUML is a UML-based notation, provides abstract Syntax given by MOF compliant metamodel, is pluggable into arbitrary design modeling languages, is supported by an ArgoUML plugin. can easily be extended with support for break-glass. A.D. Brucker and H. Petritsch (SAP Research) Access Control Models with Break-glass SACMAT  
  • 26. Extending Model-driven Security Modeling Access Control with SecureUML MedicalRecord disease:String medication:String read():OclVoid update():OclVoid create():OclVoid Patient name:String 0..* owner 1 «secureuml.role» UserRole «secureuml.role» AdministratorRole «secureuml.permission» OwnerMedicalRecord MedicalRecord:read MedicalRecord:update MedicalRecord:delete caller=self.owner.name «secureuml.policy» LowEmergencyLevel «secureuml.policy» HighEmergencyLevel «secureuml.permission» EmergencyOwnerMedicalRecord MedicalRecord:read A.D. Brucker and H. Petritsch (SAP Research) Access Control Models with Break-glass SACMAT  
  • 27. Extending Model-driven Security ArgoUML Support A.D. Brucker and H. Petritsch (SAP Research) Access Control Models with Break-glass SACMAT  
  • 28. Extending Model-driven Security ArgoUML Support A.D. Brucker and H. Petritsch (SAP Research) Access Control Models with Break-glass SACMAT  
  • 29. Extending Model-driven Security Code Generation (Java and XACML) In case of XACML, we can generate the policies and the PDP configuration. In particular, we sort the policies topological, use the “first-applicable” combining algorithm of XACML, and exploit the obligations support of XACML. With respect to the application, we generate (stubs of) the business logic, the calls to PDP, and the PEP. A.D. Brucker and H. Petritsch (SAP Research) Access Control Models with Break-glass SACMAT  
  • 30. Outline  Motivation  Break-glass: The Main Idea  A Generic Architecture Supporting Break-glass  Extending Model-driven Security  Conclusion and Future Work
  • 31. Conclusion and Future Work Conclusion and Future Work We presented a a generic break-glass model that allows the fine-grained, overriding of access control decisions, an generic architecture for implementing break-glass, an extension of SecureUML supporting break-glass, and the mapping of break-glass to XACML Future work includes the integration and development of analysis techniques for user providing feedback to the user, break-glass concepts for IT compliance, and techniques for a posteriori analysis of incidents. A.D. Brucker and H. Petritsch (SAP Research) Access Control Models with Break-glass SACMAT  
  • 32. Thank you for your attention! Any questions or remarks?
  • 33. Bibliography Bibliography Achim D. Brucker and Helmut Petritsch. Extending access control models with break-glass. In ACM symposium on access control models and technologies (SACMAT), pages –. ACM Press, . A.D. Brucker and H. Petritsch (SAP Research) Access Control Models with Break-glass SACMAT  