Title :
A Model for Privacy and Security Risks Analysis
Author :
Paintsil, Ebenezer
Author_Institution :
Dept. of Appl. Res. in ICT, Norwegian Comput. Center, Oslo, Norway
Abstract :
This article introduces an extended misuse case (EMC) model for privacy and security risks analysis and formally validates the model by means of colored petri nets (CPNs). The EMC model extends the use and misuse cases (UMCs) model with security and privacy requirements. The proposed EMC model and the CPNs instantiation deal with some of the shortcomings of the traditional UMCs which include lack of quality goals and formal validation techniques. The CPNs instantiation enables automatic detection of possible violation of privacy and security goals and can be extended to communicate risk to both technical and non-technical stakeholders. The CPNs and EMC models are illustrated with privacy and security risks contributing factors for identity management systems (IDMSs).
Keywords :
Petri nets; computer network management; data privacy; risk analysis; security of data; CPN; EMC model; UMC model; automatic detection; colored Petri nets; extended misuse case; formal validation technique; identity management system; nontechnical stakeholder; privacy; privacy risks analysis; security risk analysis; technical stakeholder; use and misuse case; Analytical models; Availability; Electromagnetic compatibility; Privacy; Risk analysis; Security; Unified modeling language;
Conference_Titel :
New Technologies, Mobility and Security (NTMS), 2012 5th International Conference on
Conference_Location :
Istanbul
Print_ISBN :
978-1-4673-0228-9
Electronic_ISBN :
2157-4952
DOI :
10.1109/NTMS.2012.6208713
