David Ferraiolo

Publications

A Trusted Federated System to Share Granular Data Among Disparate Database Resources

March 15, 2021

Author(s)

Joanna DeFranco, David F. Ferraiolo, D. Richard Kuhn, Joshua D. Roberts

Sharing data between different organizations is a challenge primarily due to database management systems (DBMSs) being different types that impose different

A New Approach to Data Sharing and Distributed Ledger Technology: A Clinical Trial Use Case

February 16, 2021

Author(s)

David F. Ferraiolo, Joanna DeFranco, D. Richard Kuhn, Joshua D. Roberts

Distributed systems have always presented complex challenges, and technology trends are in many ways making the software designer's job more difficult. In

Guide to Attribute Based Access Control (ABAC) Definition and Considerations

August 2, 2019

Author(s)

Chung Tong Hu, David F. Ferraiolo, David R. Kuhn, Adam Schnitzer, Kenneth Sandlin, Robert Miller, Karen Scarfone

[Includes updates as of August 2, 2019] This document provides Federal agencies with a definition of attribute based access control (ABAC). ABAC is a logical

Attribute Considerations for Access Control Systems

June 18, 2019

Author(s)

Chung Tong Hu, David F. Ferraiolo, David Kuhn

Attribute-based access control systems rely upon attributes to not only define access control policy rules but also enforce the access control. Attributes need

Guide to Attribute Based Access Control (ABAC) Definition and Considerations

February 25, 2019

Author(s)

Chung Tong Hu, David F. Ferraiolo, David R. Kuhn, Adam Schnitzer, Kenneth Sandlin, Robert Miller, Karen Scarfone

[Includes updates as of February 25, 2019] This document provides Federal agencies with a definition of attribute based access control (ABAC). ABAC is a logical

View more Publications

Patents

Access Control System and Process for Managing and Enforcing an Attribute Based Access Control Policy

NIST Inventors

David Ferraiolo and Gopi Katwala

Patent Description This is a method that centrally manages Attribute-Based Access Control (ABAC) policies and locally computes and enforces decisions over those policies on objects that are locally protected using Access Control Lists (ACLs). The method is as follows: Centrally express an ABAC

Image of a spreadhsheet with some records

Next Generation Access Control System and Process for Controlling Database Access

NIST Inventors

Joshua Roberts , Gopi Katwala and David Ferraiolo

Patent Description The Policy Machine is an access control framework that served as the basis for the development of an American National Standards Institute (ANSI)/ the International Committee for Information Technology Standards (INCITS – the central U.S. forum dedicated to creating technology

View All Patents

David Ferraiolo (Fed)

Group Manager for Secure Systems and Applications Group, Computer Scientist

Publications

A Trusted Federated System to Share Granular Data Among Disparate Database Resources

A New Approach to Data Sharing and Distributed Ledger Technology: A Clinical Trial Use Case

Guide to Attribute Based Access Control (ABAC) Definition and Considerations

Attribute Considerations for Access Control Systems

Guide to Attribute Based Access Control (ABAC) Definition and Considerations

Patents

Access Control System and Process for Managing and Enforcing an Attribute Based Access Control Policy

Next Generation Access Control System and Process for Controlling Database Access