Ebenezer Paintsil

Learn More
This paper integrates run-time verification enablers in the feedback adaptation loop of the ASSET adaptive security framework for Internet of Things (IoT) in the eHealth settings and instantiates the resulting framework with Colored Petri Nets. The run-time enablers make machine-readable formal models of a system state and context available at run-time. In(More)
This article introduces an extended misuse case (EMC) model for privacy and security risks analysis and formally validates the model by means of colored petri nets (CPNs). The EMC model extends the use and misuse cases (UMCs) model with security and privacy requirements. The proposed EMC model and the CPNs instantiation deal with some of the shortcomings of(More)
Currently, risk assessment methods for identity management systems (IDMSs) are lacking. This makes it difficult to compare IDMSs based on how they enhance privacy and security of system stakeholders. This article proposes the executable model-based risk assessment method (EM-BRAM) with the aim of addressing this challenge. The EM-BRAM identifies risk(More)
Currently, risk analysis methods for identity management systems (IDMSs) mainly rely on manual inspections. Manual inspection is time consuming and expensive. This article introduces the executable model-based risk analysis method (EM-BRAM) with the aim of automating privacy and security risks analysis in IDMSs. The EM-BRAM identifies risk factors inherent(More)
Identity management system(s) (IDMS) do rely on tokens in order to function. Tokens can contribute to privacy or security risk in IDMS. Specifically, the characteristics of tokens contribute greatly to security and privacy risks in IDMS. Our understanding of how the characteristics of token contribute to privacy and security risks will help us manage the(More)
Ebenezer Paintsil is currently a researcher at Norwegian Computing Center (NR). He received MSc and LLM from University of Oslo and begun his PhD 2010. He worked on privacy and security risks analysis in identity management systems and was part of the Norsk Regnesentral (Norwegian Computing Center, NR) is a private, independent, non-profit foundation(More)
This article introduces a taxonomy of security risk assessment approaches. The taxonomy is based on the challenges in the information system security (IS-Security) risk assessment discipline. Traditionally, classification schemes for IS-Security risk assessment approaches are motivated by business needs. They aim at offering management an effective tool for(More)