David Ferraiolo - Academia.edu
Papers by David Ferraiolo
2022 IEEE 29th Annual Software Technology Conference (STC)
In recent years, with the wide use and development of Enterprise Information Systems, people have gradually attached more importance to system security. Access control technology is the key factor in solving security problems. Compared with the traditional DAC and MAC models, the Role-Based Access Control (RBAC) model shows better flexibility and expansibility, and has become the best and most popular access control model nowadays. This paper studies Role-Based Access Control (RBAC) in Enterprise Information Systems both theoretically and practically.
Proceedings of the sixth ACM symposium on Access control models and technologies - SACMAT '01, 2001
The question before the panel: Considering all factors (for example: quality of protection, performance, compatibility, ease of use), which operating system access control technique will provide the greatest overall benefit to users?
Proceedings of the 2016 ACM International Workshop on Attribute Based Access Control - ABAC '16, 2016
Journal of Systems Architecture, 2011
IEEE Security & Privacy Magazine, 2007
The ability to control access to sensitive data in accordance with policy is perhaps the most fundamental security requirement. Despite over four decades of security research, the limited ability for existing access control mechanisms to generically enforce policy persists. While researchers, practitioners and policy makers have specified a large variety of access control policies to address real-world security issues, only a relatively small subset of these policies can be enforced through off-the-shelf technology, and even a smaller subset can be enforced by any one mechanism. In this paper, we propose an access control framework, referred to as the Policy Machine (PM), that fundamentally changes the way policy is expressed and enforced. Employing PM helps in building high assurance enforcement mechanisms in three respects. First, only a relatively small piece of the overall access control mechanism needs to be included in the host system (e.g., an operating system or application)....
Attribute-based access control (ABAC) is a flexible approach that can implement AC policies limited only by the computational language and the richness of the available attributes, making it ideal for many distributed or rapidly changing environments.
This paper describes a unified model for role-based access control (RBAC). RBAC is a proven technology for large-scale authorization. However, lack of a standard model results in uncertainty and confusion about its utility and meaning. The NIST model seeks to resolve this situation by unifying ideas from prior RBAC models, commercial products and research prototypes. It is intended to serve as a foundation for developing future standards. RBAC is a rich and open-ended technology which is evolving as users, researchers and vendors gain experience with it. The NIST model focuses on those aspects of RBAC for which consensus is available. It is organized into four levels of increasing functional capabilities called flat RBAC, hierarchical RBAC, constrained RBAC and symmetric RBAC. These levels are cumulative and each adds exactly one new requirement. An alternate approach comprising flat and hierarchical RBAC in an ordered sequence and two unordered features -- constraints and symmetry -- i...
Role-Based Access Control (RBAC): Features and Motivations. David E Ferraiolo, Janet A. Cugini, D. Richard Kuhn. National Institute of Standards and Technology, US Department of Commerce, Gaithersburg MD 208??. Abstract 77*? centrai ...