The paradigm of Privacy by Design aims to integrate privacy early in the product development life cycle. One element of this is to conduct threat modeling with developers to identify privacy threats that engender from the architecture design of the product. In this paper, we propose a systematic lightweight privacy threat modeling framework (MAP) based on attacker personas that is both easy to operationalize and scale. MAP leverages existing privacy threat frameworks to provide an operational roadmap based on relevant threat actors, associated threats, and resulting harm to individuals as well as organizations. We implement MAP as a persona picker tool that threat modelers can use as a menu select to identify, investigate, and remediate relevant threats based on product developer’s scope of privacy risk. We conclude by testing the framework using a repository of 207 privacy breaches extracted from the VERIS Community Database.
https://doi.org/10.1145/3544548.3581484
The ACM CHI Conference on Human Factors in Computing Systems (https://chi2023.acm.org/)