Self-Sovereign Identity (SSI) platforms expose a new, decentralised trust stack—but they also introduce a novel attack surface spanning edge agents, verifiable credential registries and protocol bridges. However, the question of how to secure these architectural systems remains largely unexplored in the scientific literature, which focuses more on the functionalities they offer. And even when this is the case, current research does not always guarantee the traceability of security measures to the targeted security objectives. We propose an integrated decision framework that aligns business risk appetite with concrete defensive actions. Security attributes derived from the SABSA model anchor an attack graph instantiated with MITRE ATT&CK techniques; candidate controls are drawn from the ATT&CK and D3FEND corpus. A mixed-integer non-linear programming selects the minimum-cost control portfolio that keeps each attribute’s residual risk below its governance - defined threshold. The optimiser is embedded in a parametric Monte-Carlo simulation that quantifies the probability of exceeding a global loss limit under uncertain attack likelihood and control effectiveness. The model provides an auditable chain from budget spent to the security objective it protects, reconciling divergent scholarly assessments and delivering a reproducible, business-aligned strategy for securing SSI architecture.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Towards a Pragmatic Selection of Self-sovereign Identity Security Measures: Exploiting Mitre Att&ck Graph and Multi-criteria Optimization

  • Saha Fobougong Pierre,
  • Mejri Mohamed,
  • Adi Kamel

摘要

Self-Sovereign Identity (SSI) platforms expose a new, decentralised trust stack—but they also introduce a novel attack surface spanning edge agents, verifiable credential registries and protocol bridges. However, the question of how to secure these architectural systems remains largely unexplored in the scientific literature, which focuses more on the functionalities they offer. And even when this is the case, current research does not always guarantee the traceability of security measures to the targeted security objectives. We propose an integrated decision framework that aligns business risk appetite with concrete defensive actions. Security attributes derived from the SABSA model anchor an attack graph instantiated with MITRE ATT&CK techniques; candidate controls are drawn from the ATT&CK and D3FEND corpus. A mixed-integer non-linear programming selects the minimum-cost control portfolio that keeps each attribute’s residual risk below its governance - defined threshold. The optimiser is embedded in a parametric Monte-Carlo simulation that quantifies the probability of exceeding a global loss limit under uncertain attack likelihood and control effectiveness. The model provides an auditable chain from budget spent to the security objective it protects, reconciling divergent scholarly assessments and delivering a reproducible, business-aligned strategy for securing SSI architecture.