U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications by:

Search Title, Abstract, Conference, Citation, Keyword or Author
Displaying 1 - 25 of 28

Imposing Fine-grain Next Generation Access Control over Database Queries

May 25, 2017
Author(s)
David F. Ferraiolo, Serban I. Gavrila, Gopi Katwala, Joshua D. Roberts
In this paper we describe a system that leverages ANSI/INCITS Next Generation Access Control (NGAC) standard called Next-generation Database Access Control (NDAC) for accessing data in tables, rows, and columns in existing RDBMS products. NDAC imposes

Policy Machine: Features, Architecture, and Specification

October 27, 2015
Author(s)
David F. Ferraiolo, Serban I. Gavrila, Wayne Jansen
The ability to control access to sensitive data in accordance with policy is perhaps the most fundamental security requirement. Despite over four decades of security research, the limited ability for existing access control mechanisms to enforce a

On the Unification of Access Control and Data Services

August 15, 2014
Author(s)
David F. Ferraiolo, Serban I. Gavrila, Wayne Jansen
A primary objective of enterprise computing (via a data center, cloud, etc.) is the controlled delivery of data services (DS). Typical DSs include applications such as email, workflow, and records management, as well as system level features, such as file

Enabling an Enterprise-wide, Data-centric Operating Environment

June 21, 2013
Author(s)
David F. Ferraiolo, Serban I. Gavrila, Wayne Jansen
Although access control (AC) currently plays an important role in securing DSs, if properly envisaged and designed, access control can serve a more vital role in computing than one might expect. The Policy Machine (PM), a framework for AC developed at NIST

Smart Cards for Mobile Devices

December 3, 2007
Author(s)
Wayne Jansen, Serban I. Gavrila, Clement Seveillac
While mobile handheld devices provide productivity benefits, they also pose new risks. User authentication is the best safeguard against the risk of unauthorised use and access to a device¿s contents. This paper describes two novel types of Smart Card (SC)

Smart Card Authentication for Mobile Devices

September 1, 2006
Author(s)
Wayne Jansen, Serban I. Gavrila, Clement Seveillac
While mobile handheld devices provide productivity benefits, they also pose new risks. User authentication is the best safeguard against the risk of unauthorized use and access to a device¿s contents. This paper describes two novel types of smart card with

Proximity-Based Authentication for Mobile Devices

October 1, 2005
Author(s)
Wayne Jansen, Serban I. Gavrila, Vlad Korolev
While mobile handheld devices provide productivity benefits, they also pose new risks. User authentication is the best safeguard against the risk of unauthorized use and access to a device's contents. This paper describes two location-based user

Smart Cards and Mobile Device Authentication: an Overview and Implementation

July 1, 2005
Author(s)
Wayne Jansen, Serban I. Gavrila, Clement Seveillac, Vladimir Korolev
The use of mobile handheld devices within the workplace is expanding rapidly. These devices are no longer viewed as coveted gadgets for early technology adopters, but have instead become indispensable tools that offer competitive business advantages for

Proximity Beacons and Mobile Device Authentication: an Overview and Implementation

June 1, 2005
Author(s)
Wayne Jansen, Serban I. Gavrila, Vladimir Korolev
The use of mobile handheld devices within the workplace is expanding rapidly. These devices are no longer viewed as coveted gadgets for early technology adopters, but have instead become indispensable tools that offer competitive business advantages for

A Unified Framework for Mobile Device Security

June 15, 2004
Author(s)
Wayne Jansen, Vlad Korolev, Serban I. Gavrila, T Heute, Clement Seveillac
Present-day handheld devices, such as PDAs, are a useful blend of hardware and software oriented toward the mobile workforce. While they provide the capability to review documents, correspond via electronic mail, manage appointments and contacts, etc

Forensic Software Testing Support Tools: Test Summary Report

April 1, 2004
Author(s)
Elizabeth N. Fong, Serban I. Gavrila
The Computer Forensic Tool Testing (CFTT) project at the National Institute of Standards and Technology (NIST), an agency of the United States Department of Commerce, provides a measure of confidence in the software tools used in computer forensic

A Framework for Multi-mode Authentication: Overview and Implementation Guide

August 1, 2003
Author(s)
Wayne Jansen, Vladimir Korolev, Serban I. Gavrila, T Heute, Clement Seveillac
The use of mobile handheld devices within the workplace is expanding rapidly. These devices are no longer viewed as coveted gadgets for early technology adopters, but have instead become indispensable tools that offer competitive business advantages for

Picture Password: A Visual Login Technique for Mobile Devices

July 1, 2003
Author(s)
Wayne Jansen, Serban I. Gavrila, Vladimir Korolev, Richard P. Ayers, Ryan Swanstrom
Adequate user authentication is a persistent problem, particularly with handheld devices, which tend to be highly personal and at the fringes of an organization's influence. Yet, these devices are being used increasingly in corporate settings where they

The Role Control Center: Features and Case Studies

June 4, 2003
Author(s)
David F. Ferraiolo, Gail-Joon Ahn, Ramaswamy Chandramouli, Serban I. Gavrila
Role-based Access Control (RBAC) models have been implemented not only in self-contained resource management products such as DBMSs and Operating Systems but also in a class of products called Enterprise Security Management Systems (ESMS). ESMS products

Security Policy Management for Handheld Devices

June 1, 2003
Author(s)
Wayne Jansen, Athanasios T. Karygiannis, M Iorga, Serban I. Gavrila, Vlad Korolev
The adoption of wireless technologies and handheld devices is becoming widespread in business, industry, and government organizations. The use of handheld devices introduces new risks to existing enterprise computing resources. Therefore, organizations

Policy Expression and Enforcement for Handheld Devices

April 1, 2003
Author(s)
Wayne Jansen, Tom T. Karygiannis, Vladimir Korolev, Serban I. Gavrila, Michaela Iorga
The use of mobile handheld devices, such as Personal Digital Assistants (PDAs) and tablet computers, within the workplace is expanding rapidly. These devices are no longer viewed as coveted gadgets for early technology adopters, but instead have become

A PDA Security Policy Enforcement Tool

July 9, 2002
Author(s)
Athanasios T. Karygiannis, Wayne Jansen, Serban I. Gavrila, Vlad Korolev
This paper describes a proof-of-concept implementation of a Personal Digital Assistant (PDA) Security Policy Enforcement Tool developed by NIST. This tool can assist enterprise security administrators in setting, updating, monitoring, and enforcing group

Assigning and Enforcing Security Policies on Handheld Devices

May 1, 2002
Author(s)
Wayne Jansen, Athanasios T. Karygiannis, Serban I. Gavrila, Vlad Korolev
The proliferation of mobile handheld devices, such as Personal Digital Assistants (PDAs) and tablet computers, within the workplace is expanding rapidly. While providing productivity benefits, the ability of these devices to store and transmit corporate
Was this page helpful?