Risk analysis of host identity protocol

Juha Sääskilahti, Mikko Särelä
2010 Proceedings of the Fourth European Conference on Software Architecture Companion Volume - ECSA '10  
In this study we develop a Risk Identification method based on Value Chain Dynamics Toolkit (VCDT) and apply it on Risk Analysis of HIP protocol in simple host-server scenario. The new Risk Identification method consists of following steps: Definition, Solutions & Actors, Deconstruct, Illustrations and Risks -Threats & Vulnerabilities. Mind maps (with templates) and visualization tools (e.g. Powerpoint) are used as aid. The HIP Risk Analysis revealed no new risks inherent to protocol itself. A
more » ... umber of potential risks in a typical deployment were identified. These risks should be analyzed and mitigated in an actual HIP deployment scenario. The new Risk Identification method worked quite nicely. Particularly beneficial in the new method were the knowledge transfer, structuring of the interviews and visualization of the value chain. Further study would be required on how to cover trust-and privacy aspects, how to improve ease of documentation and how to step from risk identification to security testing.
doi:10.1145/1842752.1842794 dblp:conf/ecsa/SaaskilahtiS10 fatcat:7qpoc64625atjnc62ctdu47eu4