| 1. |
|
|
| 2. |
- Paintsil, Ebenezer, et al.
(författare)
-
A Taxonomy of Privacy and Security Risks Contributing Factors
- 2011
-
Ingår i: PRIVACY AND IDENTITY MANAGEMENT FOR LIFE. - : Springer. - 9783642207686 ; , s. 52-63
-
Konferensbidrag (refereegranskat)abstract
- Identity management system(s) (IDMS) do rely on tokens in order to function. Tokens can contribute to privacy or security risk in IDMS. Specifically, the characteristics of tokens contribute greatly to security and privacy risks in IDMS. Our understanding of how the characteristics of token contribute to privacy and security risks will help us manage the privacy and security risks in IDMS. In this article, we introduce a taxonomy of privacy and security risks contributing factors to improve our understanding of how tokens affect privacy and security in ID MS. The taxonomy is based on a survey of IDMS articles. We observed that our taxonomy can form the basis for a risk assessment model.
|
|
| 3. |
- Paintsil, Ebenezer, et al.
(författare)
-
Executable Model-Based Risk Analysis Method for Identity Management Systems : Using Hierarchical Colored Petri Nets Executable Model-Based Risk Assessment Method for Identity Management Systems
- 2013
-
Ingår i: Trust, Privacy, and Security in Digital Business. - Berlin, Heidelberg : Springer. - 9783642403422 - 9783642372827 ; , s. 48-61
-
Konferensbidrag (refereegranskat)abstract
- Model-based risk analysis methods use graphical models to facilitate participation, risk communication and documentation and thereby improve the risk analysis process. Currently, risk analysis methods for identity management systems (IDMSs) mainly rely on time consuming and expensive manual inspections and lack graphical models. This article introduces the executable model-based risk analysis method (EM-BRAM) with the aim of addressing these challenges. The EM-BRAM employs graphical models to enhance risk analysis in IDMSs. It identifies risk contributing factors for IDMSs and uses them as inputs to a colored petri nets (CPNs) model of a targeted IDMS. It then verifies the system’s risk using CPNs’ state space analysis and queries. Currently, risk assessment methods for identity management systems (IDMSs) are lacking. This makes it difficult to compare IDMSs based on how they enhance privacy and security of system stakeholders. This article proposes the executable model-based risk assessment method (EM-BRAM) with the aim of addressing this challenge. The EM-BRAM identifies risk factors inherent in IDMSs and uses them as inputs to a colored petri nets (CPNs) model of a targeted IDMS. It then estimates or verifies the system’s security and privacy risks using CPNs’ state space analysis and queries.
|
|
| 4. |
|
|
