Add new publication

_data/destinations.yml

@@ -1098,6 +1098,15 @@
   startDate: "2024-09-25"
   endDate: "2024-09-27"
 
+- id: CRiSIS2024
+  name: 19th International Conference on Risks and Security of Internet and Systems
+  acronym: CRiSIS 2024
+  url: https://crisis2024.univ-gustave-eiffel.fr
+  type: conference
+  location: Aix-en-Provence, France
+  startDate: "2024-11-26"
+  endDate: "2024-11-28"
+
 - id: EUROSP2024
   name: 9th IEEE European Symposium on Security and Privacy
   acronym: EUROS&P 2024

_data/people.yml

@@ -242,6 +242,10 @@
   name: Daniel Ricardo
   surname: dos Santos
 
+- id: DanielaPöhn
+  name: Daniela
+  surname: Pöhn
+
 - id: DanieleDelSale
   name: Daniele
   surname: Del Sale
@@ -1077,6 +1081,10 @@
   name: Wendy
   surname: Barreto
 
+- id: WolfgangHommel
+  name: Wolfgang
+  surname: Hommel
+
 - id: WorachetUttha
   name: Worachet
   surname: Uttha

_data/publications.yml

@@ -2099,6 +2099,24 @@
   year: 2024
   #doi: 
 
+- id: CRiSIS2024
+  #id_iris: 348308
+  title: "Protecting Digital Identity Wallet: A Threat Model in the Age of eIDAS 2.0"
+  authors:
+    - AmirSharif
+    - ZahraEbadiAnsaroudi
+    - GiadaSciarretta
+    - DanielaPöhn
+    - MajidMollaeefar
+    - WolfgangHommel
+    - SilvioRanise
+  abstract: >
+    The revised eIDAS regulation (eIDAS 2.0) advocates a shift from federated identity management systems (such as SAML and OpenID Connect) to user-centric identity-based systems. It defines the European Digital Identity Wallet as a key component. The main goal is to enhance privacy by empowering citizens to selectively disclose personal data in a controlled way. To facilitate the implementation of an interoperable Wallet solution, the EU Commission published a reference architecture and identified a high-level set of requirements. However, comprehensive security and privacy guidelines to ensure a secure and privacy-preserving solution are still missing. To address this gap, we provide threat modeling explicitly designed for the Digital Identity Wallet context. This allows for identifying potential threats and a set of effective controls to secure the implementations.
+  destination: CRiSIS2024
+  year: 2024
+  #doi:
+  urlNews: /news/2024/10/09/paper-accepted-at-crisis-2024/
+
 - id: EUROSP2024
   id_iris: 351187
   title: "CSRFing the SSO Waves: Security Testing of SSO-Based Account Linking Process"

_news/2024-10-09-paper-accepted-at-crisis-2024.md

@@ -0,0 +1,13 @@
+---
+title: Paper accepted at CRiSIS 2024
+papers:
+    - CRiSIS2024
+
+people:
+    - AmirSharif
+    - ZahraEbadiAnsaroudi
+    - GiadaSciarretta
+    - MajidMollaeefar
+    - SilvioRanise
+
+---

_projects/POTENTIAL.md

@@ -1,6 +1,10 @@
 ---
 project: POTENTIAL
 website: https://www.digital-identity-wallet.eu/
+
+publications:
+  - CRiSIS2024
+
 ---
 POTENTIAL (*PilOTs for EuropeaN digiTal Identity wALlet*) develops pilots for testing the Digital Identity Wallet in Europe. The large scale pilot ambition is to provide people with a way to simplify online procedures like opening a bank account, renting a car or signing documents remotely. 
 

_projects/STRIDE.md

@@ -13,6 +13,7 @@ publications:
     - EUROSP2024
     - SECRYPT2024
     - iMETA2024
+    - CRiSIS2024
 
 ---
 In the scope of the Italian Partnership - Partenariato Esteso "Security and Rights in CyberSpace" (SeRiCS), FBK is participating in the "Spoke 5: Cryptography and Distributed Systems Security" project "Secure and TRaceable Identities in Distributed Environments (STRIDE)".

_topics/IdentityManagement.md

@@ -34,6 +34,7 @@ publications:
     - EUROSP2024
     - iMETA2024
     - IEEE_SP2024
+    - CRiSIS2024
 
 theses:
     - DamianoSartori_B