Executable Model-Based Risk Analysis Method for Identity Management Systems: Using Hierarchical Colored Petri Nets Executable Model-Based Risk Assessment Method for Identity Management Systems
2013 (English)In: Trust, Privacy, and Security in Digital Business: 10th International Conference, TrustBus 2013, Prague, Czech Republic, August 28-29, 2013. Proceedings / [ed] Furnell, S., Lambrinoudakis, C. & Lopez, J., Springer , 2013, 48-61 p.Conference paper (Refereed)
Model-based risk analysis methods use graphical models to facilitate participation, risk communication and documentation and thereby improve the risk analysis process. Currently, risk analysis methods for identity management systems (IDMSs) mainly rely on time consuming and expensive manual inspections and lack graphical models. This article introduces the executable model-based risk analysis method (EM-BRAM) with the aim of addressing these challenges. The EM-BRAM employs graphical models to enhance risk analysis in IDMSs. It identifies risk contributing factors for IDMSs and uses them as inputs to a colored petri nets (CPNs) model of a targeted IDMS. It then verifies the system’s risk using CPNs’ state space analysis and queries. Currently, risk assessment methods for identity management systems (IDMSs) are lacking. This makes it difficult to compare IDMSs based on how they enhance privacy and security of system stakeholders. This article proposes the executable model-based risk assessment method (EM-BRAM) with the aim of addressing this challenge. The EM-BRAM identifies risk factors inherent in IDMSs and uses them as inputs to a colored petri nets (CPNs) model of a targeted IDMS. It then estimates or verifies the system’s security and privacy risks using CPNs’ state space analysis and queries.
Place, publisher, year, edition, pages
Springer , 2013. 48-61 p.
Lecture Notes in Computer Science, 8058
Computer Science Computer Engineering
IdentifiersURN: urn:nbn:se:kau:diva-46745DOI: 10.1007/978-3-642-40343-9_5ISBN: 978-3-642-40342-2 978-3-642-37282-7 OAI: oai:DiVA.org:kau-46745DiVA: diva2:1037282
Trust, Privacy, and Security in Digital Business (TrustBus), August 28-29 2013, Prague, Czech Republic