The Center for Education and Research in Information Assurance and Security (CERIAS)

The Center for Education and Research in
Information Assurance and Security (CERIAS)

David F. Ferraiolo - National Institute of Standards and Technology

Students: Fall 2024, unless noted otherwise, sessions will be virtual on Zoom.

The Policy Machine: Towards Universal Attribute-based Access Control Policy Specification and Enforcement

Sep 17, 2003

Abstract

Through the administration of sets of configurable relations, RBAC models have been able to go beyond the simple table lookup models of the access control matrix to support a wider range of access control policies. Existing role-based models have been shown to be natural in their support of subject-based policies such as least privilege, and a variety of static and dynamic separation of duty policies. More recently RBAC models have been extended in their support of workflow policies, but have proven clumsy in support of other policies, such as one-directional information flow, discretionary access and Chinese wall policies. In this paper we present a Policy Machine (PM) that is more complete than RBAC or any other model in its natural embodiment and enforcement of access control policies. However, the PM is not another extension or variation on the RBAC theme

About the Speaker

David F. Ferraiolo is the supervisor of the Emerging Technologies Research group of the Computer Security Division at the National Institute of Standards and Technology (NIST). He has over 19 years of experience in computer and communications security, serving both the government and private industry. During his last 10 years of employment at NIST, he has conducted extensive research in various areas of access control, including formal model development, reference and prototype implementation, product demonstration development and evaluation, and is given credited as the originator of numerous commercially available security mechanisms. He is a coauthor of a recent book on RBAC, is the author or coauthor of more than 20 papers in the area of access control, and the principle inventor on two U.S. patents. He received a U.S. Department of Commerce gold medal in 2002 and a 1998 Excellence in Technology Transfer award from the Federal Laboratory Consortium for research in RBAC,
and has served on the editorial boards of the U.S Federal Criteria and the international Common Criteria (ISO 15408). His talks have included Key Note speeches at technical conferences, and lectures at Universities and corporations. His publications are widely referenced from sources within the U.S., Canada, Europe, Asia, and Africa and have impacted research and standardization efforts around the world. He received a combined B.S. in computer science and mathematics from the State University of New York at Albany in 1982.



Ways to Watch

YouTube

Watch Now!

Over 500 videos of our weekly seminar and symposia keynotes are available on our YouTube Channel. Also check out Spaf's YouTube Channel. Subscribe today!