U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Publications by: Vincent C. Hu (Fed)

Search Title, Abstract, Conference, Citation, Keyword or Author
Displaying 1 - 25 of 37

Blockchain for Access Control Systems

May 26, 2022
Author(s)
Vincent C. Hu
The rapid development and wide application of distributed network systems have made network security – especially access control and data privacy – ever more important. Blockchain technology offers features such as decentralization, high confidence, and

Machine Learning for Access Control Policy Verification

September 16, 2021
Author(s)
Vincent C. Hu
Access control policy verification ensures that there are no faults within the policy that leak or block access privileges. As a software test, access control policy verification relies on methods such as model proof, data structure, system simulation, and

General Access Control Guidance for Cloud Systems

July 31, 2020
Author(s)
Chung Tong Hu, Michaela Iorga, Wei Bao, Ang Li, Qinghua Li, Antonios Gouglidis
This document presents cloud access control characteristics and a set of general access control guidance for cloud service models: IaaS (Infrastructure as a Service), PaaS (Platform as a Service), and SaaS (Software as a Service). Different service

Guide to Attribute Based Access Control (ABAC) Definition and Considerations

August 2, 2019
Author(s)
Chung Tong Hu, David F. Ferraiolo, David R. Kuhn, Adam Schnitzer, Kenneth Sandlin, Robert Miller, Karen Scarfone
[Includes updates as of August 2, 2019] This document provides Federal agencies with a definition of attribute based access control (ABAC). ABAC is a logical access control methodology where authorization to perform a set of operations is determined by

Attribute Considerations for Access Control Systems

June 18, 2019
Author(s)
Chung Tong Hu, David F. Ferraiolo, David Kuhn
Attribute-based access control systems rely upon attributes to not only define access control policy rules but also enforce the access control. Attributes need to be established, issued, stored, and managed under an authority. Attributes shared across

Guide to Attribute Based Access Control (ABAC) Definition and Considerations

February 25, 2019
Author(s)
Chung Tong Hu, David F. Ferraiolo, David R. Kuhn, Adam Schnitzer, Kenneth Sandlin, Robert Miller, Karen Scarfone
[Includes updates as of February 25, 2019] This document provides Federal agencies with a definition of attribute based access control (ABAC). ABAC is a logical access control methodology where authorization to perform a set of operations is determined by

Access Control for Emerging Distributed Systems

November 1, 2018
Author(s)
Chung Tong Hu, David R. Kuhn, David F. Ferraiolo
As big data, cloud computing, grid computing, and the Internet of Things reshape current data systems and practices, IT experts are keen to harness the power of distributed systems to boost security and prevent fraud. How can these systems' capabilities be

Pseudo-exhaustive Verification of Rule Based Systems

July 1, 2018
Author(s)
David R. Kuhn, Dylan J. Yaga, Raghu N. Kacker, Yu Lei, Chung Tong Hu
Rule-based systems are important in application domains such as artificial intelligence and business rule engines, as well as formal methods for software design. When translated into an implementation, simple expressions in rules may map to thousands of

Attribute Based Access Control

November 30, 2017
Author(s)
Chung Tong Hu, David F. Ferraiolo, Ramaswamy Chandramouli, David R. Kuhn
Until now, ABAC research has been documented in hundreds of research papers, but not consolidated in book form. This book explains ABAC's history and model, related standards, verification and assurance, applications, and deployment challenges; Specialized

Verification and Test Methods for Access Control Policies/Models

June 27, 2017
Author(s)
Chung Tong Hu, David R. Kuhn, Dylan J. Yaga
Access control systems are among the most critical of computer security components. Faulty policies, misconfigurations, or flaws in software implementations can result in serious vulnerabilities. To formally and precisely capture the security properties

Verification of Resilience Policies that Assist Attribute Based Access Control

March 24, 2017
Author(s)
Chung Tong Hu, Antonios Gouglidis, Jeremy Busby, David Hutchison
Access control offers mechanisms to control and limit the actions or operations that are performed by a user on a set of resources in a system. Many access control models exist that are able to support this basic requirement. One of the properties examined

General Methods for Access Control Policy Verification

December 19, 2016
Author(s)
Chung Tong Hu, David R. Kuhn
Access control systems are among the most critical of computer security components. Faulty policies, misconfigurations, or flaws in software implementations can result in serious vulnerabilities. To formally and precisely capture the security properties

Pseudo-exhaustive Testing of Attribute Based Access Control Rules

August 4, 2016
Author(s)
David R. Kuhn, Chung Tong Hu, David F. Ferraiolo, Raghu N. Kacker, Yu Lei
Access control typically requires translating policies or rules given in natural language into a form such as a programming language or decision table, which can be processed by an access control system. Once rules have been described in machine

Implementing and Managing Policy Rules in Attribute Based Access Control

August 13, 2015
Author(s)
Chung Tong Hu, David F. Ferraiolo, David R. Kuhn, Raghu N. Kacker, Yu Lei
Attribute Based Access Control (ABAC) is a popular approach to enterprise-wide access control that provides flexibility suitable for today's dynamic distributed systems. ABAC controls access to objects by evaluating policy rules against the attributes of

An Access Control Scheme for Big Data Processing

November 11, 2014
Author(s)
Chung Tong Hu, Timothy Grance, David F. Ferraiolo, David R. Kuhn
Access Control (AC) systems are among the most critical of network security components. A system's privacy and security controls are more likely to be compromised due to the misconfiguration of access control policies rather than the failure of

Attribute Based Access Control (ABAC) Definition and Considerations

March 7, 2014
Author(s)
Chung Tong Hu
Attribute-Based Access Control (ABAC) is a logical access control methodology where authorization to perform a set of operations is determined by evaluating attributes associated with the subject, object, requested operations, and, in some cases

Real-Time Access Control Rule Fault Detection Using a Simulated Logic Circuit

February 3, 2014
Author(s)
Chung Tong Hu, Karen Scarfone
Access control (AC) policies can be implemented based on different AC models, which are fundamentally composed by semantically independent AC rules in expressions of privilege assignments described by attributes of subjects/attributes, actions, objects

Guide to Attribute Based Access Control (ABAC) Definition and Considerations

January 16, 2014
Author(s)
Chung Tong Hu, David F. Ferraiolo, David R. Kuhn, Adam Schnitzer, Kenneth Sandlin, Robert Miller, Karen Scarfone
This document provides Federal agencies with a definition of attribute based access control (ABAC). ABAC is a logical access control methodology where authorization to perform a set of operations is determined by evaluating attributes associated with the

Guidelines for Access Control System Evaluation Metrics

September 14, 2012
Author(s)
Chung Tong Hu, Karen Scarfone
The purpose of this document is to provide Federal agencies with background information on access control (AC) properties, and to help access control experts improve their evaluation of the highest security AC systems. This document discusses the

Access Control for SAR Systems

July 1, 2011
Author(s)
Stephen Quirolgico, Chung Tong Hu, Tom T. Karygiannis
The Access Control for SAR Systems (ACSS) project focused on developing a prototype privilege management system used to express and enforce policies for controlling access to Suspicious Activity Report (SAR) data within the law enforcement domain. This