
DIWAR (Digital Identity Wallet Analysis and Risk assessment) is a tool that supports stakeholders in the Digital Identity Wallet ecosystem in assessing the threats relevant to each of them, and suggests mitigation controls.


Majid-Mollaeefar/DIWAR


Digital Identity Wallet Risk Assessment Tool (DIWAR)

This repository contains the source code of the DIWAR tool, which is described in our paper "Entity-based Risk Assessment: A European Digital Identity Wallet Use Case", presented at the 30th Nordic Conference on Secure IT Systems.

Prerequisites

  • Python 3.x
  • Dependencies listed in requirements.txt

Installation

  1. Clone the repository

  2. Create a virtual environment (recommended):

     python -m venv .venv
     source .venv/bin/activate  # On Windows use: .venv\Scripts\activate

  3. Install the required dependencies:

     pip install -r requirements.txt

Project Structure

diwar/
├── .files/               # Configuration and data files
│   ├── threats_controls.json         # Mapping of threats to controls
│   ├── controls_mitigations.json     # Control implementation levels
│   ├── controls_dread.json          # DREAD scoring for controls
│   └── role_threats.json            # Role-specific threat mappings
├── config.py            # Application configuration
├── risk.py             # Main application logic
├── requirements.txt     # Project dependencies
├── icon.png            # Application icon
└── logo.png            # Application logo

Usage

  1. Run the Streamlit application:

     streamlit run risk.py

  2. Navigate the interface:

    • Risk Assessment Tab: Evaluate risks for specific entities
    • Security Control View Tab: View controls and implementation requirements

  3. Perform Risk Assessment:

    • Select an entity (Issuer, Verifier, Wallet Provider, Holder)
    • Review associated threats
    • Set implementation levels for security controls
    • Generate and view risk assessment results

Control Implementation Levels

The following levels can be set for each control:

  • N/A: Not applicable
  • Basic: Fundamental implementation
  • Intermediate: Enhanced implementation
  • Advanced: Comprehensive implementation
  • Yes: For binary controls (implemented/not implemented)

Risk Assessment Process

  1. Entity Selection: Choose the stakeholder role to assess
  2. Control Evaluation: Set implementation levels for each control
  3. Risk Calculation: System calculates:
    • Impact and likelihood scores
    • Qualitative risk levels
    • Control effectiveness

Risk Matrix

The tool uses a qualitative risk matrix with the following levels:

  • Very Low (Green)
  • Low (Yellow)
  • Medium (Brown)
  • High (Light Red)
  • Critical (Dark Red)
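
The process and matrix above can be sketched for a single threat as follows. This is an added example, not DIWAR's own code: the DREAD split into impact and likelihood, the per-level multipliers, the banding rule and the sample threat are all assumptions made for illustration, and the schema of the JSON files in .files/ is not reproduced here.

```python
import math
from statistics import mean

# Assumed residual-likelihood multiplier per implementation level
# (None = control not applicable). Not taken from controls_mitigations.json.
LEVEL_FACTOR = {"N/A": None, "Basic": 0.8, "Intermediate": 0.6,
                "Advanced": 0.4, "Yes": 0.5}
RISK_LEVELS = ["Very Low", "Low", "Medium", "High", "Critical"]

def band(score):
    """Map a 1-10 score onto a 1-5 axis of the qualitative matrix."""
    return min(5, max(1, math.ceil(score / 2)))

def assess(dread, control_levels):
    """Return (impact, residual likelihood, qualitative level) for one threat."""
    unknown = [lvl for lvl in control_levels if lvl not in LEVEL_FACTOR]
    if unknown:
        raise ValueError(f"unknown implementation level(s): {unknown}")
    # Assumed split: D and A drive impact; R, E and the second D drive likelihood.
    impact = mean([dread["damage"], dread["affected_users"]])
    likelihood = mean([dread["reproducibility"], dread["exploitability"],
                       dread["discoverability"]])
    # N/A controls are skipped; with no applicable control the product is 1,
    # so the inherent likelihood is kept unchanged.
    factors = [LEVEL_FACTOR[lvl] for lvl in control_levels
               if LEVEL_FACTOR[lvl] is not None]
    likelihood *= math.prod(factors)
    # Assumed 5x5 matrix: the two bands are combined into one of five levels.
    index = (band(impact) + band(likelihood) - 2) // 2
    return impact, round(likelihood, 2), RISK_LEVELS[index]

# Constructed sample threat rating (each DREAD component on a 1-10 scale).
SAMPLE_DREAD = {"damage": 8, "reproducibility": 6, "exploitability": 8,
                "affected_users": 8, "discoverability": 7}

if __name__ == "__main__":
    for levels in ([], ["Basic"], ["Advanced", "N/A"],
                   ["Advanced", "Intermediate"]):
        print(levels, assess(SAMPLE_DREAD, levels))
```

Running it shows how raising the implementation level of the controls mapped to a threat moves that threat down the matrix, while a control marked N/A leaves the result unchanged.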
