U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications by: David Ferraiolo (Fed)

Search Title, Abstract, Conference, Citation, Keyword or Author
Displaying 76 - 87 of 87

Specifying and Managing Role-Based Access Control Within a Corporate Intranet

November 7, 1997
Author(s)
David F. Ferraiolo, John Barkley
In order for intranets to reach their full potential, access control and authorization management mechanisms must be in place that can regulate user access to information in a manner that is consistent with the current set of laws, regulations, and

Role Based Access Control for the World Wide Web

October 10, 1997
Author(s)
John Barkley, Anthony V. Cincotta, David F. Ferraiolo, Serban I. Gavrila, David R. Kuhn
One of the most challenging problems in managing large networked systems is the complexity of security administration. This is particularly true for organizations that AWeb (WWW) servers. Today, security administration is costly and prone to error because

Role-Based Access Control (RBAC): Features and Motivations

December 15, 1995
Author(s)
David F. Ferraiolo, Janet A. Cugini, David R. Kuhn
The central notion of Role-Based Access Control (RBAC) is that users do not have discretionary access to enterprise objects. Instead, access permissions are administratively associated with roles, and users are administratively made members of appropriate

Minimum Security Requirements for Multi-User Operating Systems

March 1, 1993
Author(s)
David F. Ferraiolo, N Lynch, Patricia R. Toth
[NOTE: THIS DOCUMENT HAS BEEN SUPERSEDED BY THE FEDERAL CRITERIA.] The Minimum Security Requirements for Multi-User Operating Systems (MSR) document provides basic commercial computer system security requirements applicable to both government and

Assessing Federal and Commercial Information Security Needs (IT)

November 1, 1992
Author(s)
David F. Ferraiolo, D M. Gilbert, N Lynch
In a cooperative effort with government and industry, the National Institute of Standards and Technology (NIST) conducted a study to assess the current and future information technology (IT) security needs of the commercial, civil, and military sectors

Role-Based Access Controls

October 13, 1992
Author(s)
David F. Ferraiolo, David R. Kuhn
While Mandatory Access Controls (MAC) are appropriate for multilevel secure military applications, Discretionary Access Controls (DAC) are often perceived as meeting the security processing needs of industry and civilian government. This paper argues that