Security for Privileged Accounts Using Break-Glass Technique

Break-glass within computing is a term used to describe the act of checking out a system account password for use by a human. It is generally used for highest level system accounts such as root for unix or SYS/SA for database. These accounts are highly privileged and not in themselves individualized to a specific human, so instead break-glass limits them by the password time duration, with the aim of controlling and reducing the account’s usage to that which is necessary. Break-glass has been examined in a number of publications applied to medical systems. What is currently missing is an accurate translation of original break-glass concepts, especially applied to high security environments such as banking. This paper will provide a description of how break-glass is evolving into a broader method of time-based access control mechanism. Finally how time-based access control and break-glass can be varied adaptively based on threat level is proposed.