Publications

Displaying 1 - 25 of 87

Translating Natural Language Specifications into Access Control Policies by Leveraging Large Language Models

January 16, 2025

Author(s)

Sherifdeen Lawal, Xingmeng Zhao, Anthony Rios, Ram Krishnan, David Ferraiolo

This paper investigates the application of large language models (LLMs) for the automated translation and information extraction of access control policies from a natural language source. Prior research in this domain have predominantly relied on manual

An Infrastructure for Secure Data Sharing: A Clinical Data Implementation

May 15, 2024

Author(s)

Joanna DeFranco, Joshua Roberts, David Ferraiolo, Daniel Compton

Objective: To address database interoperability challenges to improve collaboration among disparate organizations. Materials and Methods: We developed a lightweight system to allow broad but well-controlled data sharing while preserving local data

Use Cases for Secure and Trusted Granular Data Sharing Among Disparate Databases

January 30, 2024

Author(s)

Joanna DeFranco, David Ferraiolo, Joshua Roberts, D. Richard Kuhn

Sharing data among disparate organizations can be extremely difficult, when the data comes from different database management systems (DBMS). Most problematic is that data stored at another organization most likely uses different DBMS schemas and

A Trusted Federated System to Share Granular Data Among Disparate Database Resources

March 15, 2021

Author(s)

Joanna DeFranco, David F. Ferraiolo, D. Richard Kuhn, Joshua D. Roberts

Sharing data between different organizations is a challenge primarily due to database management systems (DBMSs) being different types that impose different schemas to represent and retrieve data. In addition, maintaining security and privacy is a concern

A New Approach to Data Sharing and Distributed Ledger Technology: A Clinical Trial Use Case

February 16, 2021

Author(s)

David F. Ferraiolo, Joanna DeFranco, D. Richard Kuhn, Joshua D. Roberts

Distributed systems have always presented complex challenges, and technology trends are in many ways making the software designer's job more difficult. In particular, today's systems must successfully handle.

Guide to Attribute Based Access Control (ABAC) Definition and Considerations

August 2, 2019

Author(s)

Chung Tong Hu, David F. Ferraiolo, David R. Kuhn, Adam Schnitzer, Kenneth Sandlin, Robert Miller, Karen Scarfone

[Includes updates as of August 2, 2019] This document provides Federal agencies with a definition of attribute based access control (ABAC). ABAC is a logical access control methodology where authorization to perform a set of operations is determined by

Attribute Considerations for Access Control Systems

June 18, 2019

Author(s)

Chung Tong Hu, David F. Ferraiolo, David Kuhn

Attribute-based access control systems rely upon attributes to not only define access control policy rules but also enforce the access control. Attributes need to be established, issued, stored, and managed under an authority. Attributes shared across

Guide to Attribute Based Access Control (ABAC) Definition and Considerations

February 25, 2019

Author(s)

Chung Tong Hu, David F. Ferraiolo, David R. Kuhn, Adam Schnitzer, Kenneth Sandlin, Robert Miller, Karen Scarfone

[Includes updates as of February 25, 2019] This document provides Federal agencies with a definition of attribute based access control (ABAC). ABAC is a logical access control methodology where authorization to perform a set of operations is determined by

Access Control for Emerging Distributed Systems

November 1, 2018

Author(s)

Chung Tong Hu, David R. Kuhn, David F. Ferraiolo

As big data, cloud computing, grid computing, and the Internet of Things reshape current data systems and practices, IT experts are keen to harness the power of distributed systems to boost security and prevent fraud. How can these systems' capabilities be

A System for Centralized ABAC Policy Administration and Local ABAC Policy Decision and Enforcement in Host Systems using Access Control Lists

March 21, 2018

Author(s)

David F. Ferraiolo, Serban I. Gavrila, Gopi Katwala

We describe a method that centrally manages Attribute-Based Access Control (ABAC) policies and locally computes and enforces decisions regarding those policies for protection of resource repositories in host systems using their native Access Control List

Attribute Based Access Control

November 30, 2017

Author(s)

Chung Tong Hu, David F. Ferraiolo, Ramaswamy Chandramouli, David R. Kuhn

Until now, ABAC research has been documented in hundreds of research papers, but not consolidated in book form. This book explains ABAC's history and model, related standards, verification and assurance, applications, and deployment challenges; Specialized

Imposing Fine-grain Next Generation Access Control over Database Queries

May 25, 2017

Author(s)

David F. Ferraiolo, Serban I. Gavrila, Gopi Katwala, Joshua D. Roberts

In this paper we describe a system that leverages ANSI/INCITS Next Generation Access Control (NGAC) standard called Next-generation Database Access Control (NDAC) for accessing data in tables, rows, and columns in existing RDBMS products. NDAC imposes

Exploring the Next Generation of Access Control Methodologies

November 22, 2016

Author(s)

David Ferraiolo, Larry Feldman, Greg Witte

This bulletin summarizes the information presented in NIST SP 800-178: A Comparison of Attribute Based Access Control (ABAC) Standards for Data Service Applications. The publication describes Extensible Access Control Markup Language (XACML) and Next

A Comparison of Attribute Based Access Control (ABAC) Standards for Data Service Applications

October 3, 2016

Author(s)

David F. Ferraiolo, Ramaswamy Chandramouli, Chung Tong Hu, David R. Kuhn

Extensible Access Control Markup Language (XACML) and Next Generation Access Control (NGAC) are very different attribute based access control (ABAC) standards with similar goals and objectives. An objective of both is to provide a standardized way for

Search Publications by: David Ferraiolo (Fed)