Model-Driven Security Analysis of Self-Sovereign Identity Systems
Yepeng Ding, Hiroyuki Sato
TL;DR
The paper addresses the lack of systematic security analysis for self-sovereign identity architectural patterns. It proposes a model-driven framework that formalizes patterns and threats as Labeled Transition Systems on system graphs and verifies security properties via model checking, with automatic generation of Java skeletons. A threat model comprising passive and active attacks is defined and instantiated over eight common SSI patterns, and SecureSSI, a standalone IDE, demonstrates typical vulnerable patterns and attacker models to support practical assessment of SSI deployments. This work enables rigorous, reusable security analysis for evolving SSI architectures and provides tooling to bridge formal verification with real-world implementation.
Abstract
Best practices of self-sovereign identity (SSI) are being intensively explored in academia and industry. Reusable solutions obtained from best practices are generalized as architectural patterns for systematic analysis and design reference, which significantly boosts productivity and increases the dependability of future implementations. For security-sensitive projects, architects make architectural decisions with careful consideration of security issues and solutions based on formal analysis and experiment results. In this paper, we propose a model-driven security analysis framework for analyzing architectural patterns of SSI systems with respect to a threat model built on our investigation of real-world security concerns. Our framework mechanizes a modeling language to formalize patterns and threats with security properties in temporal logic and automatically generates programs for verification via model checking. Besides, we present typical vulnerable patterns verified by SecureSSI, a standalone integrated development environment, integrating commonly used pattern and attacker models to practicalize our framework.