Models of Applied Privacy (MAP): A Persona Based Approach to Threat Modeling

Abstract

The paradigm of Privacy by Design aims to integrate privacy early in the product development life cycle. One element of this is to conduct threat modeling with developers to identify privacy threats that engender from the architecture design of the product. In this paper, we propose a systematic lightweight privacy threat modeling framework (MAP) based on attacker personas that is both easy to operationalize and scale. MAP leverages existing privacy threat frameworks to provide an operational roadmap based on relevant threat actors, associated threats, and resulting harm to individuals as well as organizations. We implement MAP as a persona picker tool that threat modelers can use as a menu select to identify, investigate, and remediate relevant threats based on product developer’s scope of privacy risk. We conclude by testing the framework using a repository of 207 privacy breaches extracted from the VERIS Community Database.

Authors
Jayati Dev
Comcast, Philadelphia, Pennsylvania, United States
Bahman Rashidi
Comcast, Philadelphia, Pennsylvania, United States
Vaibhav Garg
Comcast, Philadelphia, Pennsylvania, United States
Paper URL

https://doi.org/10.1145/3544548.3581484

Conference: CHI 2023

The ACM CHI Conference on Human Factors in Computing Systems (https://chi2023.acm.org/)

Session: Digital Safety

Hall G2
6 presentations
2023-04-25 20:10:00
2023-04-25 21:35:00