Paintsil, Ebenezer; Fritsch, Lothar
Model-based risk analysis methods use graphical models to facilitate participation, risk communication and documentation and thereby improve the risk analysis process. Currently, risk analysis methods for identity management systems (IDMSs) mainly rely on time consuming and expensive manual inspections and lack graphical models. This article introduces the executable model-based risk analysis method (EM-BRAM) with the aim of addressing these challenges. The EM-BRAM employs graphical models to enhance risk analysis in IDMSs. It identifies risk contributing factors for IDMSs and uses them as inputs to a colored petri nets (CPNs) model of a targeted IDMS. It then verifies the system’s risk using CPNs’ state space analysis and queries.