Figure 3: Z3 specification with variables and result (on the right).
that formal methods can enhance information security by leveraging product family algebra and Satisfiability Modulo Theories (SMT) to verify user access. Additionally, we address the risk associated with disclosing specific identity attributes, thereby enhancing privacy protection and adhering to the need-to-know principle. We show that Max weighted SMT automates and resolves the disclosure of identity attributes with minimal risk, facilitated by the Z3 solver.

This approach can be integrated into a decentralized identity management system, which will be the next step in our research. We also plan to refine this approach by considering the creation of verifiable presentations from verifiable credentials, including attribute aggregation where possible.
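The minimal-risk disclosure problem summarized above can be sketched as weighted MaxSAT: the access policy is a hard constraint and each attribute carries a soft "do not disclose" clause weighted by its risk. This is an added illustration, not code from the paper; the attribute names, risk weights and policy are constructed, and exhaustive enumeration stands in for the Z3 optimizer.

```python
from itertools import product

# Constructed sample data (not from the paper): attributes a holder could
# disclose, each with an assumed risk weight for disclosing it.
RISK = {"name": 2, "birth_date": 5, "age_over_18": 1,
        "national_id": 9, "student_card": 3, "address": 6}

# Hard constraint (assumed verifier policy): prove adulthood AND enrolment.
# Each requirement lists alternative attribute sets that satisfy it.
POLICY = [
    [{"age_over_18"}, {"birth_date"}, {"national_id"}],      # adulthood
    [{"student_card", "name"}, {"national_id", "address"}],  # enrolment
]


def satisfies(disclosed, policy):
    """Hard clauses: every requirement is met by at least one alternative."""
    return all(any(alt <= disclosed for alt in req) for req in policy)


def min_risk_disclosure(risk, policy):
    """Weighted MaxSAT by enumeration.

    Each attribute a has a soft clause 'a is not disclosed' with weight
    risk[a]. Maximising the satisfied soft weight subject to the hard policy
    is the same as minimising the total risk of the disclosed attributes.
    Returns (total_risk, disclosed_set), or None if the holder's attributes
    cannot satisfy the policy at all.
    """
    attrs = sorted(risk)
    best = None
    for bits in product([False, True], repeat=len(attrs)):
        disclosed = {a for a, bit in zip(attrs, bits) if bit}
        if not satisfies(disclosed, policy):
            continue  # violates a hard clause, so not a candidate
        cost = sum(risk[a] for a in disclosed)
        if best is None or cost < best[0]:
            best = (cost, disclosed)
    return best


if __name__ == "__main__":
    print(min_risk_disclosure(RISK, POLICY))
```

Enumeration is exponential in the number of attributes, so it only serves to make the objective explicit for a small credential.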
Toward the Foundation of Digital Identity Theory