Towards Privacy Taxonomy-Based Attack Tree Analysis for the Protection of Consumer Information Privacy

Abstract

There is a strong legal and ethical imperative for organisations to protect consumer information privacy. In this paper we present a method called privacy taxonomy-based attack tree analysis (PTATA). PTATA involves the combination of privacy violation taxonomies and attack trees. It assists organisations in protecting information privacy by providing a means to analyze weaknesses in their protective measures. We define privacy violation taxonomies, as well as review attack trees, and illustrate the practical implementation of PTATA through example scenarios. The advantages and drawbacks to our method are also discussed. The paper ends with future research which may build on this work.