Toward Secure and Trustworthy Identity Management Systems

A Knowledge-base Driven Approach

This page contains complementary material related to the following paper:
  • Title: Toward Secure and Trustworthy Identity Management Systems: A Knowledge-base Driven Approach
  • Authors: Gianluca Sassetti, Amir Sharif, Roberto Carbone, Silvio Ranise

Abstract

Identity Management systems (IdMs) provide digital identities to billions of internet users. They are the foundation of modern information systems and key enablers of access control, security, and privacy. However, IdMs are complex socio-technical systems that require the orchestration of technical, organizational, legal, and human factors to ensure their security, privacy, and resilience. Achieving this is easier said than done, since IdM designers need to navigate the multitude of possible system designs, analyzing their trade-offs and shortcomings. In this context, the lack of a comprehensive body of knowledge on IdMs constitutes a key challenge for IdM design and analysis. We address this issue with a systematic review of the literature to build a comprehensive knowledge base that encompasses technical, organizational, and legal aspects of IdMs. The knowledge base is built on an ontology representing information systems with a focus on entities relevant for threat modeling. We propose a prototype tool that enables the exploration of the knowledge base to help IdM designers analyze their solutions and visualize possible alternative design choices. By connecting design goals and requirements to mitigations and threats, the tool provides practitioners with actionable solutions to harden the system and achieve their security and privacy goals through a threat modeling workflow. This research paper provides academia and industry with a significant contribution through an IdM Knowledge Base to support policymakers, IdM designers, and researchers in creating secure, robust, and privacy-preserving IdMs.

Complementary Material

Supplementary material: A comprehensive report of our CIE analysis is available here.

The complete list of papers for the literature review for each step and the final list is available here

IdM-KB Tool Our IdM Knowledge-base is availble here

Involved People

Amir Sharif

Amir Sharif

Gianluca Sassetti

Gianluca Sassetti

Roberto Carbone

Roberto Carbone

Silvio Ranise

Silvio Ranise