Constructing authorization systems using assurance management framework

Hongxin Hu, Gail-Joon Ahn

Research output: Contribution to journalArticlepeer-review

7 Scopus citations


Model-driven approach has recently received much attention in developing secure software and systems. In addition, software developers have attempted to employ such an emerging approach in the early stage of software development life cycle. However, security concerns are rarely considered and practiced due to the lack of appropriate systematic mechanisms and tools. In this paper, we introduce a multilayered software development life cycle (SDLC), which is based on an assurance management framework (AMF), focusing on the development of authorization systems. AMF facilitates comprehensive realization of formal security model, security policy specification and verification, generation of security enforcement codes, and rigorous conformance testing. We also articulate our experience in analyzing role-based authorization requirements and realizing those requirements in constructing a role-based authorization system.

Original languageEnglish (US)
Article number5462923
Pages (from-to)396-405
Number of pages10
JournalIEEE Transactions on Systems, Man and Cybernetics Part C: Applications and Reviews
Issue number4
StatePublished - Jul 2010


  • Authorization
  • model-driven approach
  • role based
  • unified modeling language (UML)

ASJC Scopus subject areas

  • Control and Systems Engineering
  • Software
  • Information Systems
  • Human-Computer Interaction
  • Computer Science Applications
  • Electrical and Electronic Engineering


Dive into the research topics of 'Constructing authorization systems using assurance management framework'. Together they form a unique fingerprint.

Cite this