身份管理系统中隐私自动化与安全风险分析

2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications Pub Date : 2013-07-16 DOI:10.1109/TrustCom.2013.87

Ebenezer Paintsil

{"title":"身份管理系统中隐私自动化与安全风险分析","authors":"Ebenezer Paintsil","doi":"10.1109/TrustCom.2013.87","DOIUrl":null,"url":null,"abstract":"Currently, risk analysis methods for identity management systems (IDMSs) mainly rely on manual inspections. Manual inspection is time consuming and expensive. This article introduces the executable model-based risk analysis method (EM-BRAM) with the aim of automating privacy and security risks analysis in IDMSs. The EM-BRAM identifies risk factors inherent in IDMSs and uses them as inputs to a colored petri nets (CPNs) model of a targeted IDMS. It then verifies the system's risk using CPNs' state space analysis and queries. We apply the method to analyze privacy and security risk in the OpenID IDMS.","PeriodicalId":206739,"journal":{"name":"2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications","volume":"4 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-07-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Towards Automation of Privacy and Security Risks Analysis in Identity Management Systems\",\"authors\":\"Ebenezer Paintsil\",\"doi\":\"10.1109/TrustCom.2013.87\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Currently, risk analysis methods for identity management systems (IDMSs) mainly rely on manual inspections. Manual inspection is time consuming and expensive. This article introduces the executable model-based risk analysis method (EM-BRAM) with the aim of automating privacy and security risks analysis in IDMSs. The EM-BRAM identifies risk factors inherent in IDMSs and uses them as inputs to a colored petri nets (CPNs) model of a targeted IDMS. It then verifies the system's risk using CPNs' state space analysis and queries. We apply the method to analyze privacy and security risk in the OpenID IDMS.\",\"PeriodicalId\":206739,\"journal\":{\"name\":\"2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications\",\"volume\":\"4 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2013-07-16\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/TrustCom.2013.87\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/TrustCom.2013.87","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

摘要

目前，身份管理系统(IDMSs)的风险分析方法主要依靠人工检查。人工检查既费时又昂贵。本文介绍了一种基于可执行模型的风险分析方法(EM-BRAM)，旨在实现idms中隐私和安全风险的自动化分析。EM-BRAM识别IDMS固有的风险因素，并将其作为目标IDMS的彩色petri网(cpn)模型的输入。然后使用cpn的状态空间分析和查询验证系统的风险。我们将该方法应用于OpenID IDMS中的隐私和安全风险分析。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Towards Automation of Privacy and Security Risks Analysis in Identity Management Systems

Currently, risk analysis methods for identity management systems (IDMSs) mainly rely on manual inspections. Manual inspection is time consuming and expensive. This article introduces the executable model-based risk analysis method (EM-BRAM) with the aim of automating privacy and security risks analysis in IDMSs. The EM-BRAM identifies risk factors inherent in IDMSs and uses them as inputs to a colored petri nets (CPNs) model of a targeted IDMS. It then verifies the system's risk using CPNs' state space analysis and queries. We apply the method to analyze privacy and security risk in the OpenID IDMS.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications

自引率

0.00%

发文量