Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications by: David Ferraiolo (Fed)

Displaying 26 - 50 of 87

Pseudo-exhaustive Testing of Attribute Based Access Control Rules

August 4, 2016

Author(s)

David R. Kuhn, Chung Tong Hu, David F. Ferraiolo, Raghu N. Kacker, Yu Lei

Access control typically requires translating policies or rules given in natural language into a form such as a programming language or decision table, which can be processed by an access control system. Once rules have been described in machine

Extensible Access Control Markup Language (XACML) and Next Generation Access Control (NGAC)

March 11, 2016

Author(s)

David F. Ferraiolo, Ramaswamy Chandramouli, David R. Kuhn, Chung Tong Hu

Extensible Access Control Markup Language (XACML) and Next Generation Access Control (NGAC) are very different attribute based access control standards with similar goals and objectives. An objective of both is to provide a standardized way for expressing

Policy Machine: Features, Architecture, and Specification

October 27, 2015

Author(s)

David F. Ferraiolo, Serban I. Gavrila, Wayne Jansen

The ability to control access to sensitive data in accordance with policy is perhaps the most fundamental security requirement. Despite over four decades of security research, the limited ability for existing access control mechanisms to enforce a

Implementing and Managing Policy Rules in Attribute Based Access Control

August 13, 2015

Author(s)

Chung Tong Hu, David F. Ferraiolo, David R. Kuhn, Raghu N. Kacker, Yu Lei

Attribute Based Access Control (ABAC) is a popular approach to enterprise-wide access control that provides flexibility suitable for today's dynamic distributed systems. ABAC controls access to objects by evaluating policy rules against the attributes of

An Access Control Scheme for Big Data Processing

November 11, 2014

Author(s)

Chung Tong Hu, Timothy Grance, David F. Ferraiolo, David R. Kuhn

Access Control (AC) systems are among the most critical of network security components. A system's privacy and security controls are more likely to be compromised due to the misconfiguration of access control policies rather than the failure of

Policy Machine: Towards a General Purpose Enterprise-Wide Operating Environment

August 28, 2014

Author(s)

David F. Ferraiolo, Larry Feldman, Gregory A. Witte

On the Unification of Access Control and Data Services

August 15, 2014

Author(s)

David F. Ferraiolo, Serban I. Gavrila, Wayne Jansen

A primary objective of enterprise computing (via a data center, cloud, etc.) is the controlled delivery of data services (DS). Typical DSs include applications such as email, workflow, and records management, as well as system level features, such as file

Policy Machine: Features, Architecture, and Specification

May 31, 2014

Author(s)

David F. Ferraiolo, Serban I. Gavrila, Wayne Jansen

[Superseded by NISTIR 7987 Revision 1 (October 2015): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=913195] The ability to control access to sensitive data in accordance with policy is perhaps the most fundamental security requirement

Guide to Attribute Based Access Control (ABAC) Definition and Considerations

January 16, 2014

Author(s)

Chung Tong Hu, David F. Ferraiolo, David R. Kuhn, Adam Schnitzer, Kenneth Sandlin, Robert Miller, Karen Scarfone

This document provides Federal agencies with a definition of attribute based access control (ABAC). ABAC is a logical access control methodology where authorization to perform a set of operations is determined by evaluating attributes associated with the

Enabling an Enterprise-wide, Data-centric Operating Environment

June 21, 2013

Author(s)

David F. Ferraiolo, Serban I. Gavrila, Wayne Jansen

Although access control (AC) currently plays an important role in securing DSs, if properly envisaged and designed, access control can serve a more vital role in computing than one might expect. The Policy Machine (PM), a framework for AC developed at NIST

A Matter of Policy

March 26, 2012

Author(s)

David F. Ferraiolo, Jeffrey M. Voas, George Hurlburt

This paper discusses system security policies. System policies are the set of rules that when implemented afford a strategy for the protection of information. The policy objectives are diverse and span the social-economic spectrum. System policies govern

The Policy Machine: a Novel Architecture and Framework for Access Control Policy Specification and Enforcement

April 1, 2011

Author(s)

David F. Ferraiolo, Vijay (. Atluri, Serban I. Gavrila

Specification of Attribute Relations for Access Control Policies and Constraints Using Policy Machine

August 23, 2010

Author(s)

Chung Tong Hu, David F. Ferraiolo, Serban I. Gavrila

Attribute relations in access control mechanisms or languages allow accurate and efficient specification of some popular access control models. However, most of the access control systems including today s de-facto access control protocol and specification