Skip to main content
SpringerLink
Log in

Executable Model-Based Risk Analysis Method for Identity Management Systems: Using Hierarchical Colored Petri Nets

  • Conference paper
Trust, Privacy, and Security in Digital Business (TrustBus 2013)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 8058))

Abstract

Model-based risk analysis methods use graphical models to facilitate participation, risk communication and documentation and thereby improve the risk analysis process. Currently, risk analysis methods for identity management systems (IDMSs) mainly rely on time consuming and expensive manual inspections and lack graphical models. This article introduces the executable model-based risk analysis method (EM-BRAM) with the aim of addressing these challenges. The EM-BRAM employs graphical models to enhance risk analysis in IDMSs. It identifies risk contributing factors for IDMSs and uses them as inputs to a colored petri nets (CPNs) model of a targeted IDMS. It then verifies the system’s risk using CPNs’ state space analysis and queries.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 49.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Audun, J., Simon, P.: User centric identity management. In: AusCERT Conference (2005)

    Google Scholar 

  2. Lund, M.S., Bjørnar Solhaug, K.S.: Model-Driven Risk Analysis, The CORAS Approach, 1st edn. Springer (2011) 978-3-642-12322-1

    Google Scholar 

  3. Cabarcos, P.: Risk assessment for better identity management in pervasive environments. In: 2011 IEEE International Conference on Pervasive Computing and Communications Workshops (PERCOM Workshops), pp. 389–390 (2011)

    Google Scholar 

  4. Kurt, J., Lars, K.M.: Colored Petri Nets: Modelling and Validation of Concurrent Systems: Modeling and Validation of Concurrent Systems. Springer, Heidelberg (2009) ISBN:978-3-642-00283-0

    Google Scholar 

  5. Gajek, S., Schwenk, J., Steiner, M., Xuan, C.: Risks of the cardspace protocol. In: Samarati, P., Yung, M., Martinelli, F., Ardagna, C.A. (eds.) ISC 2009. LNCS, vol. 5735, pp. 278–293. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  6. Gross, T.: Security analysis of the saml single sign-on browser/artifact profile. In: Proceedings of the 19th Annual Computer Security Applications Conference, pp. 298–307 (2003)

    Google Scholar 

  7. Suriadi, S., Foo, E., Jøsang, A.: A user-centric federated single sign-on system. J. Netw. Comput. Appl. 32, 388–401 (2009)

    Article  Google Scholar 

  8. Paintsil, E.: Evaluation of privacy and security risks analysis construct for identity management systems. IEEE Systems Journal PP(99), 1 (2012)

    Google Scholar 

  9. Paintsil, E.: A model for privacy and security risks analysis. In: 2012 5th International Conference New Technologies, Mobility and Security (NTMS), pp. 1–8 (2012)

    Google Scholar 

  10. Naumann, I., Hogben, G.: Privacy features of european eid card specifications. Technical Report 1.0.1, ENISA (2009)

    Google Scholar 

  11. WP3: D3.1: Structured overview on prototypes and concepts of identity management systems. Deliverable 1.1, Future of Identity in the Information Society (2005)

    Google Scholar 

  12. Maler, E., Reed, D.: The venn of identity: Options and issues in federated identity management. IEEE Security and Privacy 6, 16–23 (2008)

    Article  Google Scholar 

  13. NIST: Electronic authentication guideline. Technical Report 1.0.2, NIST Special Publication 800-63 (2006)

    Google Scholar 

  14. Ratha, N.K., Connell, J.H., Bolle, R.M.: Enhancing security and privacy in biometrics-based authentication systems. IBM Systems Journal 40(3), 614–634 (2001)

    Article  Google Scholar 

  15. Mac Gregor, W., Dutcher, W., Khan, J.: An Ontology of Identity Credentials - Part 1: Background and Formulation. Technical report, National Institute of Standard and Technology, Gaitersburg, MD, USA (2006)

    Google Scholar 

  16. Google: SAML Single Sign-On Service for Google Apps (2012), https://developers.google.com/google-apps/sso/saml_reference_implementation

  17. Armando, A., Carbone, R., et al.: Formal analysis of saml 2.0 web browser single sign-on: breaking the saml-based single sign-on for google apps. In: Proceedings of the 6th ACM Workshop on Formal Methods in Security Engineering, FMSE 2008, pp. 1–10. ACM, New York (2008)

    Google Scholar 

  18. Gerber, M., von Solms, R.: From risk analysis to security requirements. Computers and Security 20(7), 577–584 (2001)

    Article  Google Scholar 

  19. Yamada, et al.: Information security incident survey report. Technical report, NPO Japan Network Security Association, JNSA (2006)

    Google Scholar 

  20. Kurt Jensen, S.C., Kristensen, L.M.: Cpn tools state space manual. Technical report, University of Aarhus (2006)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Norwegian Computing Center Oslo, Norway

    Ebenezer Paintsil & Lothar Fritsch

Authors
  1. Ebenezer Paintsil
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Lothar Fritsch
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Centre for Security Communications and Network Research, Plymouth University, PL4 8AA, Plymouth, UK

    Steven Furnell

  2. Department of Digital Systems, University of Piraeus, 18532, Piraeus, Greece

    Costas Lambrinoudakis

  3. Computer Science Department, University of Malaga, Campus de Teatinos s/n, 29071, Malaga, Spain

    Javier Lopez

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Paintsil, E., Fritsch, L. (2013). Executable Model-Based Risk Analysis Method for Identity Management Systems: Using Hierarchical Colored Petri Nets. In: Furnell, S., Lambrinoudakis, C., Lopez, J. (eds) Trust, Privacy, and Security in Digital Business. TrustBus 2013. Lecture Notes in Computer Science, vol 8058. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-40343-9_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-40343-9_5

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-40342-2

  • Online ISBN: 978-3-642-40343-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation