{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,5]],"date-time":"2026-04-05T23:46:33Z","timestamp":1775432793965,"version":"3.50.1"},"publisher-location":"Cham","reference-count":26,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783032147813","type":"print"},{"value":"9783032147820","type":"electronic"}],"license":[{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026]]},"DOI":"10.1007\/978-3-032-14782-0_24","type":"book-chapter","created":{"date-parts":[[2026,4,5]],"date-time":"2026-04-05T22:53:48Z","timestamp":1775429628000},"page":"443-462","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Multi-entity Control-Based Risk Assessment: A European Digital Identity Wallet Use Case"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-0277-3029","authenticated-orcid":false,"given":"Majid","family":"Mollaeefar","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6290-3588","authenticated-orcid":false,"given":"Amir","family":"Sharif","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8921-4480","authenticated-orcid":false,"given":"Zahra Ebadi","family":"Ansaroudi","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7567-4526","authenticated-orcid":false,"given":"Giada","family":"Sciarretta","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0308-0080","authenticated-orcid":false,"given":"Francesco Antonio","family":"Marino","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7269-9285","authenticated-orcid":false,"given":"Silvio","family":"Ranise","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2026,4,1]]},"reference":[{"key":"24_CR1","unstructured":"Digital identity risk management. NIST Special Publication 800-63-4 (2024). available at https:\/\/pages.nist.gov\/800-63-4\/sp800-63\/dirm\/. Accessed 27 Aug 2025"},{"key":"24_CR2","unstructured":"DIWAR Tool source code. https:\/\/anonymous.4open.science\/r\/DIWAR-D4EF 2025"},{"key":"24_CR3","unstructured":"OpenID Foundation. https:\/\/openid.net (2025). Accessed 27 Aug 2025"},{"key":"24_CR4","unstructured":"PilOTs for EuropeaN digiTal Identity wALlet. https:\/\/www.digital-identity-wallet.eu (2025). Accessed 27 Aug 2025"},{"key":"24_CR5","unstructured":"World Wide Web Consortium. https:\/\/w3.org (2025). Accessed 27 Aug 2025"},{"key":"24_CR6","doi-asserted-by":"crossref","unstructured":"Albakri, S.H., Shanmugam, B., Samy, G.N., Idris, N.B., Ahmed, A.: Security risk assessment framework for cloud computing environments. Secur. Commun. Netw. 7(11):2114\u20132124 (2014)","DOI":"10.1002\/sec.923"},{"key":"24_CR7","doi-asserted-by":"crossref","unstructured":"Alberts, C., Dorofee, A., Stevens, J., Woody, C.: Introduction to the octave approach (2003)","DOI":"10.21236\/ADA634134"},{"key":"24_CR8","unstructured":"European Union. Regulation of the European Parliament and of The Council Amending Regulation (Eu) No 910\/2014 as Regards Establishing a Framework for a European Digital Identity. https:\/\/eur-lex.europa.eu\/legal-content\/EN\/TXT\/?uri=CELEX:52021PC0281 (2021). Accessed 27 Aug 2025"},{"key":"24_CR9","unstructured":"European Union. COMMISSION IMPLEMENTING REGULATION (EU) 2024\/2981. https:\/\/eur-lex.europa.eu\/legal-content\/EN\/TXT\/HTML\/?uri=OJ:L_202402981#anx_I (2024). Accessed 27 Aug 2025"},{"key":"24_CR10","unstructured":"European Union. The European Digital Identity Wallet. https:\/\/eu-digital-identity-wallet.github.io\/eudi-doc-architecture-and-reference-framework\/1.7.1\/ (2025). Accessed 27 Aug 2025"},{"key":"24_CR11","unstructured":"Jones, J.: An introduction to the fair controls analytics model (fair-cam). FAIR Institute White Paper, 2021. Available via the FAIR-CAM information page"},{"key":"24_CR12","unstructured":"Jones, J.A.: An introduction to factor analysis of information risk (fair). Norwich Univ. J. Inform. Assur. (NUJIA) 2(1), (2006)"},{"issue":"5","key":"24_CR13","doi-asserted-by":"publisher","first-page":"1691","DOI":"10.3390\/s21051691","volume":"21","author":"G Kavallieratos","year":"2021","unstructured":"Kavallieratos, G., Spathoulas, G., Katsikas, S.: Cyber risk propagation and optimal selection of cybersecurity controls for complex cyberphysical systems. Sensors 21(5), 1691 (2021)","journal-title":"Sensors"},{"key":"24_CR14","doi-asserted-by":"crossref","unstructured":"Last, Y., Arias-Cabarcos, P.: Vision: towards true user-centric design for digital identity wallets. In: Proceedings of the Symposium on Usable Security and Privacy (USEC) 2025, San Diego, CA, USA, February 2025. Paderborn University, Germany (2025)","DOI":"10.14722\/usec.2025.23001"},{"key":"24_CR15","doi-asserted-by":"publisher","DOI":"10.1017\/dap.2023.41","volume":"5","author":"A Le","year":"2023","unstructured":"Le, A., Epiphaniou, G., Maple, C.: A comparative cyber risk analysis between federated and self-sovereign identity management systems. Data Policy 5, e38 (2023)","journal-title":"Data Policy"},{"issue":"6","key":"24_CR16","doi-asserted-by":"publisher","first-page":"85","DOI":"10.1109\/MSP.2006.145","volume":"4","author":"P Mell","year":"2007","unstructured":"Mell, P., Scarfone, K., Romanosky, S.: Common vulnerability scoring system. IEEE Secur. Priv. 4(6), 85\u201389 (2007)","journal-title":"IEEE Secur. Priv."},{"key":"24_CR17","unstructured":"MICROSOFT. DREAD Methodology. https:\/\/learn.microsoft.com\/en-us\/windows-hardware\/drivers\/driversecurity\/threat-modeling-for-drivers. Accessed 27 Aug 2025"},{"key":"24_CR18","unstructured":"Mollaeefar, M.: Multi-entity Control-based Risk Assessment: A European Digital Identity Wallet Use Case. http:\/\/st.fbk.eu\/complementary\/NORDSEC2025\/ (2025)"},{"key":"24_CR19","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2023.103206","volume":"129","author":"M Mollaeefar","year":"2023","unstructured":"Mollaeefar, M., Ranise, S.: Identifying and quantifying trade-offs in multi-stakeholder risk evaluation with applications to the data protection impact assessment of the gdpr. Comput. Secur. 129, 103206 (2023)","journal-title":"Comput. Secur."},{"key":"24_CR20","doi-asserted-by":"crossref","unstructured":"Mollaeefar, M., Siena, A., Ranise, S., et\u00a0al.: Multi-stakeholder cybersecurity risk assessment for data protection. In: Proceedings of the 17th International Conference on Security and Cryptography-Volume 3: SECRYPT, pp. 349\u2013356 (2020)","DOI":"10.5220\/0009822703490356"},{"key":"24_CR21","doi-asserted-by":"crossref","unstructured":"Naik, N., Grace, P., Jenkins, P.: An attack tree based risk analysis method for investigating attacks and facilitating their mitigations in self-sovereign identity. In: 2021 IEEE Symposium Series on Computational Intelligence (SSCI), pp. 1\u20138. IEEE (2021)","DOI":"10.1109\/SSCI50451.2021.9659929"},{"key":"24_CR22","unstructured":"OWASP. Risk rating methodology"},{"key":"24_CR23","doi-asserted-by":"crossref","unstructured":"Rajbhandari, L., Snekkenes, E.: Intended actions: risk is conflicting incentives. In: International Conference on Information Security, pp. 370\u2013386. Springer (2012)","DOI":"10.1007\/978-3-642-33383-5_23"},{"key":"24_CR24","doi-asserted-by":"crossref","unstructured":"Sharif, A., et al.: Protecting digital identity wallet: a threat model in the age of eidas 2.0. In: International Conference on Risks and Security of Internet and Systems, pp. 89\u2013106. Springer, Cham (2025)","DOI":"10.1007\/978-3-031-89350-6_6"},{"key":"24_CR25","unstructured":"Shostack, A.: Experiences threat modeling at microsoft. MODSEC@ MoDELS (2008)"},{"issue":"3","key":"24_CR26","doi-asserted-by":"publisher","first-page":"509","DOI":"10.1007\/s10207-021-00566-3","volume":"21","author":"L Zhang","year":"2022","unstructured":"Zhang, L., Taal, A., Cushing, R., de Laat, C., Grosso, P.: A risk-level assessment system based on the stride\/dread model for digital data marketplaces. Int. J. Inf. Secur. 21(3), 509\u2013525 (2022)","journal-title":"Int. J. Inf. Secur."}],"container-title":["Lecture Notes in Computer Science","Secure IT Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-032-14782-0_24","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,4,5]],"date-time":"2026-04-05T22:53:51Z","timestamp":1775429631000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-032-14782-0_24"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026]]},"ISBN":["9783032147813","9783032147820"],"references-count":26,"URL":"https:\/\/doi.org\/10.1007\/978-3-032-14782-0_24","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026]]},"assertion":[{"value":"1 April 2026","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"NordSec","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Nordic Conference on Secure IT Systems","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Tartu","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Estonia","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"12 November 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"13 November 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"30","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"nordsec2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/nordsec2025.cs.ut.ee\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}