{"title":"应用隐私模型(MAP):基于角色的威胁建模方法","authors":"Jayati Dev, Bahman Rashidi, Vaibhav Garg","doi":"10.1145/3544548.3581484","DOIUrl":null,"url":null,"abstract":"The paradigm of Privacy by Design aims to integrate privacy early in the product development life cycle. One element of this is to conduct threat modeling with developers to identify privacy threats that engender from the architecture design of the product. In this paper, we propose a systematic lightweight privacy threat modeling framework (MAP) based on attacker personas that is both easy to operationalize and scale. MAP leverages existing privacy threat frameworks to provide an operational roadmap based on relevant threat actors, associated threats, and resulting harm to individuals as well as organizations. We implement MAP as a persona picker tool that threat modelers can use as a menu select to identify, investigate, and remediate relevant threats based on product developer’s scope of privacy risk. We conclude by testing the framework using a repository of 207 privacy breaches extracted from the VERIS Community Database.","PeriodicalId":314098,"journal":{"name":"Proceedings of the 2023 CHI Conference on Human Factors in Computing Systems","volume":"29 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-04-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Models of Applied Privacy (MAP): A Persona Based Approach to Threat Modeling\",\"authors\":\"Jayati Dev, Bahman Rashidi, Vaibhav Garg\",\"doi\":\"10.1145/3544548.3581484\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The paradigm of Privacy by Design aims to integrate privacy early in the product development life cycle. One element of this is to conduct threat modeling with developers to identify privacy threats that engender from the architecture design of the product. In this paper, we propose a systematic lightweight privacy threat modeling framework (MAP) based on attacker personas that is both easy to operationalize and scale. MAP leverages existing privacy threat frameworks to provide an operational roadmap based on relevant threat actors, associated threats, and resulting harm to individuals as well as organizations. We implement MAP as a persona picker tool that threat modelers can use as a menu select to identify, investigate, and remediate relevant threats based on product developer’s scope of privacy risk. We conclude by testing the framework using a repository of 207 privacy breaches extracted from the VERIS Community Database.\",\"PeriodicalId\":314098,\"journal\":{\"name\":\"Proceedings of the 2023 CHI Conference on Human Factors in Computing Systems\",\"volume\":\"29 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-04-19\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 2023 CHI Conference on Human Factors in Computing Systems\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3544548.3581484\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2023 CHI Conference on Human Factors in Computing Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3544548.3581484","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Models of Applied Privacy (MAP): A Persona Based Approach to Threat Modeling
The paradigm of Privacy by Design aims to integrate privacy early in the product development life cycle. One element of this is to conduct threat modeling with developers to identify privacy threats that engender from the architecture design of the product. In this paper, we propose a systematic lightweight privacy threat modeling framework (MAP) based on attacker personas that is both easy to operationalize and scale. MAP leverages existing privacy threat frameworks to provide an operational roadmap based on relevant threat actors, associated threats, and resulting harm to individuals as well as organizations. We implement MAP as a persona picker tool that threat modelers can use as a menu select to identify, investigate, and remediate relevant threats based on product developer’s scope of privacy risk. We conclude by testing the framework using a repository of 207 privacy breaches extracted from the VERIS Community Database.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
