Constructing authorization systems using assurance management framework

Hongxin Hu; Gail-Joon Ahn

doi:10.1109/TSMCC.2010.2047856

Constructing authorization systems using assurance management framework

Hongxin Hu, Gail-Joon Ahn

Research output: Contribution to journal › Article

6 Citations (Scopus)

Abstract

Model-driven approach has recently received much attention in developing secure software and systems. In addition, software developers have attempted to employ such an emerging approach in the early stage of software development life cycle. However, security concerns are rarely considered and practiced due to the lack of appropriate systematic mechanisms and tools. In this paper, we introduce a multilayered software development life cycle (SDLC), which is based on an assurance management framework (AMF), focusing on the development of authorization systems. AMF facilitates comprehensive realization of formal security model, security policy specification and verification, generation of security enforcement codes, and rigorous conformance testing. We also articulate our experience in analyzing role-based authorization requirements and realizing those requirements in constructing a role-based authorization system.

Original language	English (US)
Article number	5462923
Pages (from-to)	396-405
Number of pages	10
Journal	IEEE Transactions on Systems, Man and Cybernetics Part C: Applications and Reviews
Volume	40
Issue number	4
DOIs	https://doi.org/10.1109/TSMCC.2010.2047856
State	Published - Jul 2010

Fingerprint

Life cycle

Software engineering

Codes (standards)

Specifications

Testing

Keywords

Authorization
model-driven approach
role based
unified modeling language (UML)

ASJC Scopus subject areas

Control and Systems Engineering
Electrical and Electronic Engineering
Computer Science Applications
Human-Computer Interaction
Information Systems
Software

Cite this

Hu, H., & Ahn, G-J. (2010). Constructing authorization systems using assurance management framework. IEEE Transactions on Systems, Man and Cybernetics Part C: Applications and Reviews, 40(4), 396-405. [5462923]. https://doi.org/10.1109/TSMCC.2010.2047856

Constructing authorization systems using assurance management framework. / Hu, Hongxin; Ahn, Gail-Joon.

In: IEEE Transactions on Systems, Man and Cybernetics Part C: Applications and Reviews, Vol. 40, No. 4, 5462923, 07.2010, p. 396-405.

Research output: Contribution to journal › Article

Hu, H & Ahn, G-J 2010, 'Constructing authorization systems using assurance management framework', IEEE Transactions on Systems, Man and Cybernetics Part C: Applications and Reviews, vol. 40, no. 4, 5462923, pp. 396-405. https://doi.org/10.1109/TSMCC.2010.2047856

Hu H, Ahn G-J. Constructing authorization systems using assurance management framework. IEEE Transactions on Systems, Man and Cybernetics Part C: Applications and Reviews. 2010 Jul;40(4):396-405. 5462923. https://doi.org/10.1109/TSMCC.2010.2047856

Hu, Hongxin ; Ahn, Gail-Joon. / Constructing authorization systems using assurance management framework. In: IEEE Transactions on Systems, Man and Cybernetics Part C: Applications and Reviews. 2010 ; Vol. 40, No. 4. pp. 396-405.

@article{c365ad3350c84f82a34b8cca754e4ae7,

title = "Constructing authorization systems using assurance management framework",

abstract = "Model-driven approach has recently received much attention in developing secure software and systems. In addition, software developers have attempted to employ such an emerging approach in the early stage of software development life cycle. However, security concerns are rarely considered and practiced due to the lack of appropriate systematic mechanisms and tools. In this paper, we introduce a multilayered software development life cycle (SDLC), which is based on an assurance management framework (AMF), focusing on the development of authorization systems. AMF facilitates comprehensive realization of formal security model, security policy specification and verification, generation of security enforcement codes, and rigorous conformance testing. We also articulate our experience in analyzing role-based authorization requirements and realizing those requirements in constructing a role-based authorization system.",

keywords = "Authorization, model-driven approach, role based, unified modeling language (UML)",

author = "Hongxin Hu and Gail-Joon Ahn",

year = "2010",

month = "7",

doi = "10.1109/TSMCC.2010.2047856",

language = "English (US)",

volume = "40",

pages = "396--405",

journal = "IEEE Transactions on Systems, Man and Cybernetics Part C: Applications and Reviews",

issn = "1094-6977",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

number = "4",

}

TY - JOUR

T1 - Constructing authorization systems using assurance management framework

AU - Hu, Hongxin

AU - Ahn, Gail-Joon

PY - 2010/7

Y1 - 2010/7

N2 - Model-driven approach has recently received much attention in developing secure software and systems. In addition, software developers have attempted to employ such an emerging approach in the early stage of software development life cycle. However, security concerns are rarely considered and practiced due to the lack of appropriate systematic mechanisms and tools. In this paper, we introduce a multilayered software development life cycle (SDLC), which is based on an assurance management framework (AMF), focusing on the development of authorization systems. AMF facilitates comprehensive realization of formal security model, security policy specification and verification, generation of security enforcement codes, and rigorous conformance testing. We also articulate our experience in analyzing role-based authorization requirements and realizing those requirements in constructing a role-based authorization system.

AB - Model-driven approach has recently received much attention in developing secure software and systems. In addition, software developers have attempted to employ such an emerging approach in the early stage of software development life cycle. However, security concerns are rarely considered and practiced due to the lack of appropriate systematic mechanisms and tools. In this paper, we introduce a multilayered software development life cycle (SDLC), which is based on an assurance management framework (AMF), focusing on the development of authorization systems. AMF facilitates comprehensive realization of formal security model, security policy specification and verification, generation of security enforcement codes, and rigorous conformance testing. We also articulate our experience in analyzing role-based authorization requirements and realizing those requirements in constructing a role-based authorization system.

KW - Authorization

KW - model-driven approach

KW - role based

KW - unified modeling language (UML)

UR - http://www.scopus.com/inward/record.url?scp=77953712128&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=77953712128&partnerID=8YFLogxK

U2 - 10.1109/TSMCC.2010.2047856

DO - 10.1109/TSMCC.2010.2047856

M3 - Article

AN - SCOPUS:77953712128

VL - 40

SP - 396

EP - 405

JO - IEEE Transactions on Systems, Man and Cybernetics Part C: Applications and Reviews

JF - IEEE Transactions on Systems, Man and Cybernetics Part C: Applications and Reviews

SN - 1094-6977

IS - 4

M1 - 5462923

ER -

Access to Document

10.1109/TSMCC.2010.2047856