David Ferraiolo

Biography

The individual and combined efforts of David F. Ferraiolo, D. Richard Kuhn, and Ravi Sandhu in developing and strengthening role-based access control (RBAC) have provided the computer industry with the world’s most widely used cybersecurity tool for protecting valuable digital data. Implemented at virtually all levels of computing, including operating system, database management, network, and enterprise management applications, RBAC overcame the limitations of previous security models based on military requirements that proved cumbersome for commercial industry needs. RBAC provides efficient security administration for large enterprises, simplified auditing of permissions to evaluate risk and regulatory compliance, efficient implementation of separation of duty rules to reduce insider threat risks, and scalability to some of the largest systems in existence.

Ferraiolo is manager of the Secure Systems and Applications Group, Computer Security Division, at the National Institute of Standards and Technology, Gaithersburg, MD, USA.