Vitenskapelig Kapittel/Artikkel/Konferanseartikkel   2012

Paintsil, Ebenezer

Publikasjonsdetaljer

Sider:

1–8–8

År:

2012

Lenker:

FULLTEKST: http://dx.doi.org/10.1109/NTMS.2012.6208713
DOI: doi.org/10.1109/ntms.2012.6208713

Del av: 5th International Conference on New Technologies, Mobility and Security (NTMS), 2012 (IEEE Press, 2012)

This article introduces an extended misuse case (EMC) model for privacy and security risks analysis and formally validates the model by means of colored petri nets (CPNs). The EMC model extends the use and misuse cases (UMCs) model with security and privacy requirements. The proposed EMC model and the CPNs instantiation deal with some of the shortcomings of the traditional UMCs which include lack of quality goals and formal validation techniques. The CPNs instantiation enables automatic detection of possible violation of privacy and security goals and can be extended to communicate risk to both technical and non-technical stakeholders. The CPNs and EMC models are illustrated with privacy and security risks contributing factors for identity management systems (IDMSs).