International Journal of Information Technology & Computer Science ( IJITCS )
Identity and Access Management (IdAM) Systems evolved as autonomous systems but the need for sharing of Personal Identity Verification (PIV) information and the collection, retention, use, and disposal of credentialing information has led to privacy and trust issues. This lack of trust has resulted in law enforcement personnel and first responders being denied access to facilities during emergency situations. This research seeks to investigate the privacy concerns and the utilization of trusted sources that IdAM systems require to adjudicate data. The papers further outlines the author’s research goals to incorporate systems thinking into IdAM designs, identify gaps in current design methodologies and proposes a system dynamics (SD) approach that begins to suggest how to mitigate privacy and trust concerns. SD is selected since real world complex system problems and system behaviors over time can be modeled using combinations of feedback loops, causal loop diagrams to illustrate interdependencies, stocks and flows, and temporal delays. Artifacts of the research include initial SD models and recommendations for infrastructure enhancements to support future designs .
: Access Control, Infrastructure Design, Privacy, System Dynamics, Systems Engineering, Systems Thinking, Trust .
- Libin, P., Defogging Identity-Based Access Control, in Security Technology & Design. 2006, Cygnus Business Media, Inc: Park Ridge, United States, Park Ridge. p. 20-22.
- Palmer, A.J., Criteria to Evaluate Automated Personal Identification Mechanisms. Computers & Security, 2008. 27(7–8): p. 260-284.
- Bryan, C., Privacy Impact Assessment (Amended) for the Security Threat Assessment for Airport Badge and Credential Holders. Report, 2006: p. 9.
- Chen, J., et al., Differentiated security levels for personal identifiable information in identity management system. Expert Systems with Applications, 2011. 38(11): p. 14156-14162.
- Gastaldo, E. Man Dies as Airport Security Doors Keep EMTs Away. 2013 [cited 2013 July 19, 2013]; Airport Security Doors deny access to EMT personnel resulting in the death of a passenger]. Available from: http://www.newser.com/story/171184/man-dies-as-airport-security-doors-keep-emts-away.html?utm_source=syn&utm_medium=goognews&utm_campaign=chan3_feed.
- CIO. Federal Identity, Credential, and Access Management (FICAM) Roadmap and Implementation Guidance. 2011 December 2, 2011; v2:. Available from: http://www.idmanagement.gov/sites/default/files/documents/FICAM_Roadmap_and_Implementation_Guidance_v2%200_20111202_0.pdf.
- Palmer, A.J., Approach for selecting the most suitable Automated Personal Identification Mechanism (ASMSA). Computers & Security, 2010. 29(7): p. 785-806.
- Farroha, B. and D. Farroha. Architecting dynamic privileges in protected systems through hardening Identity and Access Management. in Systems Conference (SysCon), 2012 IEEE International. 2012.
- Lazarick, R., Applications of Technology in Airport Access Control. IEEE, 2001: p. 11.
- Chehab, M.I. and A.E. Abdallah. Architectures for identity management. in Internet Technology and Secured Transactions, 2009. ICITST 2009. International Conference for. 2009.
- Prabhakar, S., S. Pankanti, and A.K. Jain, Biometric recognition: security and privacy concerns. Security & Privacy, IEEE, 2003. 1(2): p. 33-42.
- Gunter, C.A., D.M. Liebovitz, and B. Malin, Experience-Based Access Management: A Life-Cycle Framework for Identity and Access Management Systems. Security & Privacy, IEEE, 2011. 9(5): p. 48-55.
- SC-207, Integrated Security System Standard for Airport Access Control Systems. 2008, RTCA DO-230B: USA.
- D'Agostino, S., Engberg, D., Sinkov, A., Bernard, R, The Roles of Authentication, Authorization and Cryptography in Expanding Security Industry. SIA Quarterly Technical Update, 2005.
- Tilton, C. Use Case Specification: Transportation Worker Identification. 2006 July 11, 2012; 8]. Available from: https://www.oasis-open.org/committees/download.php/20952/TWIC%20Use%20Case%20v1-0.pdf.
- Kuklinski, T. and B. Monk. The Use of ID Reader-Authenticators in Secure Access Control and Credentialing. in Technologies for Homeland Security, 2008 IEEE Conference on. 2008.
- TSA. Guidance Package - Biometrics for Airport Access Control. 2005 [cited 1, 2, 3; 140]. Available from: http://www.acconline.org/documents/biometrics_guidance.pdf.
- David, M.W., G.A. Hussein, and K. Sakurai. Secure identity authentication and logical access control for airport information systems. in Security Technology, 2003. Proceedings. IEEE 37th Annual 2003 International Carnahan Conference on. 2003.
- Redpath, G. and G. McClure. The role of electronic security systems integration in airport management. in Security and Detection, 1997. ECOS 97., European Conference on. 1997.
- O'Mara, D.L., Multi-year Upgrade Focuses on CCTV. Security: Solutions for Enterprise Security Leaders, 2000. 37(8): p. 42.
- Wilson, D.L., Airport information systems security. Aerospace and Electronic Systems Magazine, IEEE, 2003. 18(4): p. 25-27.
- O'Bryon, J., et al, Fusion of Security System Data to Improve Airport Security. The National Academies, National Research Council, 2007: p. 83.
- Riley, J., Airport Access Control and Tracking, and the Aviation and Transportation Security Act. White Paper, 2008: p. 8.
- Alston, I. and S. Campbell. A Systems Engineering Approach for Security System Design. in Emerging Security Technologies (EST), 2010 International Conference on. 2010.
- Checkland, P., Systems Thinking, Systems Practice: includes Soft Systems Methodology: a 30-year Retrospective. 1 ed. 1999, West Essex, England: John Wiley & Sons Ltd. 424.
- Senge, P.M., The Fifth Discipline: The Art & Practice of the Learning Organization. 2006, USA: Doubleday. 446.
- Diedam, J., Access control: The process of securing a transportation site. Journal of Airport Management, 2009. 3(3): p. 263-273