Towards a Pragmatic Selection of Self-sovereign Identity Security Measures: Exploiting Mitre Att&ck Graph and Multi-criteria Optimization
摘要
Self-Sovereign Identity (SSI) platforms expose a new, decentralised trust stack—but they also introduce a novel attack surface spanning edge agents, verifiable credential registries and protocol bridges. However, the question of how to secure these architectural systems remains largely unexplored in the scientific literature, which focuses more on the functionalities they offer. And even when this is the case, current research does not always guarantee the traceability of security measures to the targeted security objectives. We propose an integrated decision framework that aligns business risk appetite with concrete defensive actions. Security attributes derived from the SABSA model anchor an attack graph instantiated with MITRE ATT&CK techniques; candidate controls are drawn from the ATT&CK and D3FEND corpus. A mixed-integer non-linear programming selects the minimum-cost control portfolio that keeps each attribute’s residual risk below its governance - defined threshold. The optimiser is embedded in a parametric Monte-Carlo simulation that quantifies the probability of exceeding a global loss limit under uncertain attack likelihood and control effectiveness. The model provides an auditable chain from budget spent to the security objective it protects, reconciling divergent scholarly assessments and delivering a reproducible, business-aligned strategy for securing SSI architecture.