Combining SABSA and Vis4Sec to the Process Framework IdMSecMan to Continuously Improve Identity Management Security in Heterogeneous ICT Infrastructures

Pöhn, Daniela; Seeber, Sebastian; Hommel, Wolfgang

doi:10.3390/app13042349

Applied Sciences

2023

DOI: 10.3390/app13042349

|View full text |Cite

Combining SABSA and Vis4Sec to the Process Framework IdMSecMan to Continuously Improve Identity Management Security in Heterogeneous ICT Infrastructures

Daniela Pöhn

Sebastian Seeber

Wolfgang Hommel

Abstract: Identity management ensures that users have appropriate access to resources, such as ICT services and data. Thereby, identity management does not only identify, authenticate, and authorize individuals, but also the hardware devices and software applications which the users need for access. In consequence, identity management is an important element of information security management (ISM) and data governance. As ICT infrastructures are constantly changing, and new threats emerge, identity management has to be … Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...

Citation Types

Supporting

Mentioning

Contrasting

Year Published

2023

Publication Types

Select...

Other1

Relationship

Self Cite0

Independent1

Authors

Journals

Cited by 1 publication

(1 citation statement)

References 52 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Nonetheless, second factors can also be bypassed, for example, by phishing [11] and push notifications [20]. Consequently, authentication attempts and all other steps within the authentication lifecycle have to be monitored [31] to identify attacks, such as what happened at FireEye in the case of SolarWinds' Orion attack [29,45]. In addition, users might try to avoid 2FA or apply less secure user behavior, such as sharing 2FA tokens due to usability issues, resulting in reduced security [7].…”

mentioning

confidence: 99%

Evaluation of Real-World Risk-Based Authentication at Online Services Revisited: Complexity Wins

Makowski,

Pöhn

2023

Proceedings of the 18th International Conference on Availability, Reliability and Security

View full text Add to dashboard Cite

Risk-based authentication (RBA) aims to protect end-users against attacks involving stolen or otherwise guessed passwords without requiring a second authentication method all the time. Online services typically set limits on what is still seen as normal and what is not, as well as the actions taken afterward. Consequently, RBA monitors different features, such as geolocation and device during login. If the features' values differ from the expected values, then a second authentication method might be requested. However, only a few online services publish information about how their systems work. This hinders not only RBA research but also its development and adoption in organizations. In order to understand how the RBA systems online services operate, black box testing is applied. To verify the results, we re-evaluate the three large providers: Google, Amazon, and Facebook. Based on our test setup and the test cases, we notice differences in RBA based on account creation at Google. Additionally, several test cases rarely trigger the RBA system. Our results provide new insights into RBA systems and raise several questions for future work. CCS CONCEPTS• Security and privacy → Authentication; Web application security; Usability in security and privacy.

show abstract

mentioning

confidence: 99%

Evaluation of Real-World Risk-Based Authentication at Online Services Revisited: Complexity Wins

Makowski,

Pöhn

2023

Proceedings of the 18th International Conference on Availability, Reliability and Security

View full text Add to dashboard Cite

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Combining SABSA and Vis4Sec to the Process Framework IdMSecMan to Continuously Improve Identity Management Security in Heterogeneous ICT Infrastructures

Cited by 1 publication

References 52 publications

Evaluation of Real-World Risk-Based Authentication at Online Services Revisited: Complexity Wins

Evaluation of Real-World Risk-Based Authentication at Online Services Revisited: Complexity Wins

Contact Info

Product

Resources

About