International Workshop on Privacy Engineering 2019, Date: 2019/05/23 - 2019/04/23, Location: San Francisco

Publication date: 2019-01-01
Pages: 80 - 83
ISSN: 978-1-7281-3508-3
Publisher: IEEE

2019 IEEE Security and Privacy Workshops (SPW)

Author:

Wuyts, Kim ; Sion, Laurens ; Van Landuyt, Dimitri ; Joosen, Wouter

Keywords:

C24/17/005#54270874

Abstract:

Privacy threat modeling is difficult. Identifying relevant threats that cause privacy harm requires an extensive assessment of common potential privacy issues for all elements in the system-under-analysis. In practice, the outcome of a threat modeling exercise thus strongly depends on the level of experience and expertise of the analyst. However, capturing (at least part of) this privacy expertise in a reusable threat knowledge base (i.e. an inventory of common threat types), such as LINDDUN's and STRIDE's threat trees, can greatly improve the efficiency of the threat elicitation process and the overall quality of identified threats. In this paper, we highlight the problems of current knowledge bases, such as limited semantics and lack of instantiation logic, and discuss the requirements for a privacy threat knowledge base that streamlines threat elicitation efforts.