Abstract
Model-driven approach has recently received much attention in developing secure software and systems. In addition, software developers have attempted to employ such an emerging approach in the early stage of software development life cycle. However, security concerns are rarely considered and practiced due to the lack of appropriate systematic mechanisms and tools. In this paper, we introduce a multilayered software development life cycle (SDLC), which is based on an assurance management framework (AMF), focusing on the development of authorization systems. AMF facilitates comprehensive realization of formal security model, security policy specification and verification, generation of security enforcement codes, and rigorous conformance testing. We also articulate our experience in analyzing role-based authorization requirements and realizing those requirements in constructing a role-based authorization system.
Original language | English (US) |
---|---|
Article number | 5462923 |
Pages (from-to) | 396-405 |
Number of pages | 10 |
Journal | IEEE Transactions on Systems, Man and Cybernetics Part C: Applications and Reviews |
Volume | 40 |
Issue number | 4 |
DOIs | |
State | Published - Jul 2010 |
Fingerprint
Keywords
- Authorization
- model-driven approach
- role based
- unified modeling language (UML)
ASJC Scopus subject areas
- Control and Systems Engineering
- Electrical and Electronic Engineering
- Computer Science Applications
- Human-Computer Interaction
- Information Systems
- Software
Cite this
Constructing authorization systems using assurance management framework. / Hu, Hongxin; Ahn, Gail-Joon.
In: IEEE Transactions on Systems, Man and Cybernetics Part C: Applications and Reviews, Vol. 40, No. 4, 5462923, 07.2010, p. 396-405.Research output: Contribution to journal › Article
}
TY - JOUR
T1 - Constructing authorization systems using assurance management framework
AU - Hu, Hongxin
AU - Ahn, Gail-Joon
PY - 2010/7
Y1 - 2010/7
N2 - Model-driven approach has recently received much attention in developing secure software and systems. In addition, software developers have attempted to employ such an emerging approach in the early stage of software development life cycle. However, security concerns are rarely considered and practiced due to the lack of appropriate systematic mechanisms and tools. In this paper, we introduce a multilayered software development life cycle (SDLC), which is based on an assurance management framework (AMF), focusing on the development of authorization systems. AMF facilitates comprehensive realization of formal security model, security policy specification and verification, generation of security enforcement codes, and rigorous conformance testing. We also articulate our experience in analyzing role-based authorization requirements and realizing those requirements in constructing a role-based authorization system.
AB - Model-driven approach has recently received much attention in developing secure software and systems. In addition, software developers have attempted to employ such an emerging approach in the early stage of software development life cycle. However, security concerns are rarely considered and practiced due to the lack of appropriate systematic mechanisms and tools. In this paper, we introduce a multilayered software development life cycle (SDLC), which is based on an assurance management framework (AMF), focusing on the development of authorization systems. AMF facilitates comprehensive realization of formal security model, security policy specification and verification, generation of security enforcement codes, and rigorous conformance testing. We also articulate our experience in analyzing role-based authorization requirements and realizing those requirements in constructing a role-based authorization system.
KW - Authorization
KW - model-driven approach
KW - role based
KW - unified modeling language (UML)
UR - http://www.scopus.com/inward/record.url?scp=77953712128&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=77953712128&partnerID=8YFLogxK
U2 - 10.1109/TSMCC.2010.2047856
DO - 10.1109/TSMCC.2010.2047856
M3 - Article
AN - SCOPUS:77953712128
VL - 40
SP - 396
EP - 405
JO - IEEE Transactions on Systems, Man and Cybernetics Part C: Applications and Reviews
JF - IEEE Transactions on Systems, Man and Cybernetics Part C: Applications and Reviews
SN - 1094-6977
IS - 4
M1 - 5462923
ER -