A Model for Privacy and Security Risks Analysis

Author

Paintsil, Ebenezer

Author_Institution

Dept. of Appl. Res. in ICT, Norwegian Comput. Center, Oslo, Norway

fYear

2012

fDate

7-10 May 2012

Firstpage

1

Lastpage

8

Abstract

This article introduces an extended misuse case (EMC) model for privacy and security risks analysis and formally validates the model by means of colored petri nets (CPNs). The EMC model extends the use and misuse cases (UMCs) model with security and privacy requirements. The proposed EMC model and the CPNs instantiation deal with some of the shortcomings of the traditional UMCs which include lack of quality goals and formal validation techniques. The CPNs instantiation enables automatic detection of possible violation of privacy and security goals and can be extended to communicate risk to both technical and non-technical stakeholders. The CPNs and EMC models are illustrated with privacy and security risks contributing factors for identity management systems (IDMSs).

Keywords

Petri nets; computer network management; data privacy; risk analysis; security of data; CPN; EMC model; UMC model; automatic detection; colored Petri nets; extended misuse case; formal validation technique; identity management system; nontechnical stakeholder; privacy; privacy risks analysis; security risk analysis; technical stakeholder; use and misuse case; Analytical models; Availability; Electromagnetic compatibility; Privacy; Risk analysis; Security; Unified modeling language;

fLanguage

English

Publisher

ieee

Conference_Titel

New Technologies, Mobility and Security (NTMS), 2012 5th International Conference on

Conference_Location

Istanbul

ISSN

2157-4952

Print_ISBN

978-1-4673-0228-9

Electronic_ISBN

2157-4952

Type

conf

DOI

10.1109/NTMS.2012.6208713

Filename

6208713