A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements

@article{Deng2010APT,
  title={A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements},
  author={Mina Deng and Kim Wuyts and Riccardo Scandariato and Bart Preneel and Wouter Joosen},
  journal={Requirements Engineering},
  year={2010},
  volume={16},
  pages={3-32}
}
Ready or not, the digitalization of information has come, and privacy is standing out there, possibly at stake. Although digital privacy is an identified priority in our society, few systematic, effective methodologies exist that deal with privacy threats thoroughly. This paper presents a comprehensive framework to model privacy threats in software-based systems. First, this work provides a systematic methodology to model privacy-specific threats. Analogous to STRIDE, an information flow… 
Privacy-by-design based on quantitative threat modeling
TLDR
The overall objective is to provide architects of privacy-respecting systems with a set of quantitative and automated tools that help them decide between functional system requirements and the corresponding trade-offs that should be taken into account before the actual deployment of their services.
Empirical evaluation of a privacy-focused threat modeling methodology
Interaction-Based Privacy Threat Elicitation
TLDR
A LINDDUN extension is presented that implements interaction-based privacy threat elicitation and argumentation is provided on how this approach leads to better process guidance and more concrete interpretation of privacy threat types, ultimately requiring less effort and expertise.
Privacy Risk Analysis
TLDR
This book is an excellent resource for anyone developing and/or currently running a risk analysis as it defines the notions, requirements, and main steps of conducting a privacy risk analysis.
A Problem-Based Approach for Computer-Aided Privacy Threat Identification
TLDR
The ProPAn method is an approach for identifying privacy threats during the requirements analysis of software systems using problem frame models that allows a computer aided privacy threat identification that is derived from the relations between stakeholders, technology, and personal information in the system-to-be.
Towards Systematic Privacy and Operability (PRIOP) Studies
TLDR
This paper proposes a method called privacy and operability (PRIOP) studies that allows to systematically analyze the potential privacy issues that a software to be developed might raise, based on the software’s functionality at the requirements level.
LINDDUN GO: A Lightweight Approach to Privacy Threat Modeling
TLDR
The availability of lightweight privacy analysis approaches reduces the initial effort to start privacy threat modeling and can therefore enable a more wide-spread adoption of system privacy assessments in practice.
Identifying Privacy Risks in Distributed Data Services: A Model-Driven Approach
TLDR
A general purpose privacy model and methodology is presented that can be used to analyse and identify privacy risks in systems that comprise both access control and data pseudonymization enforcement technologies.
A model-based approach to support privacy compliance
TLDR
The authors demonstrate the usefulness and applicability of the extension mechanisms in specifying key aspects of privacy principles as assumptions and requirements, as well as in providing criteria for the evaluation of these aspects to assess whether the model meets these requirements.
Knowledge is Power: Systematic Reuse of Privacy Knowledge for Threat Elicitation
TLDR
The problems of current knowledge bases, such as limited semantics and lack of instantiation logic, are highlighted, and the requirements for a privacy threat knowledge base that streamlines threat elicitation efforts are discussed.

References (showing 1-10 of 105)
Addressing privacy requirements in system design: the PriS method
TLDR
PriS is described, a security requirements engineering method, which incorporates privacy requirements early in the system development process and provides a holistic approach from ‘high-level’ goals to ‘privacy-compliant’ IT systems.
Security and privacy requirements analysis within a social setting
  • Lin Liu, E. Yu, J. Mylopoulos
  • Proceedings. 11th IEEE International Requirements Engineering Conference, 2003.
TLDR
A methodological framework for dealing with security and privacy requirements based on i*, an agent-oriented requirements modeling language is proposed, which supports a set of analysis techniques and helps identify potential system abusers and their malicious intents.
Linking Privacy Solutions to Developer Goals
TLDR
This paper attempts to scope the privacy landscape for software engineering by proposing an operational definition for privacy and by describing a privacy taxonomy, which is rooted in the definition and presents a classification of privacy objectives, which correspond to the developer's goals.
Computer-Aided Privacy Requirements Elicitation Technique
TLDR
The goal of the PRET tool is to accelerate the elicitation process and prevent privacy requirements leaks by using a general privacy requirements database derived from privacy laws and empirical privacy requirements.
Designing for privacy and other competing requirements
TLDR
A framework to model the way agents interact with each other to achieve their goals based on the i* framework is presented and it is shown how one can model privacy concerns for each agent and the different alternatives for operationalizing it.
Privacy-enhancing identity management
Exploiting cryptography for privacy-enhanced access control: A result of the PRIME Project
TLDR
Two key elements of the PRIME identity management systems are described: anonymous credentials and policy languages that fully exploit the advanced functionality offered by anonymous credentials.
k-Anonymity: A Model for Protecting Privacy
  • L. Sweeney
  • Int. J. Uncertain. Fuzziness Knowl. Based Syst., 2002
TLDR
The solution provided in this paper includes a formal protection model named k-anonymity and a set of accompanying policies for deployment, and examines re-identification attacks that can be realized on releases that adhere to k-anonymity unless the accompanying policies are respected.
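To make the two sides of the k-anonymity entry concrete, the following is an added worked example (not code from the page, from Sweeney's paper, or from the LINDDUN authors). It computes the k of a release table over its quasi-identifiers, runs the linkage attack that re-identification relies on by joining the release with an identified external list, and then suppresses the undersized equivalence classes to restore k = 2. The tables, the column names and the wildcard convention for generalized zip codes (`021**`) are all constructed for the example.

```python
"""Added example: k-anonymity check, linkage attack, and suppression.

Not taken from the page or from Sweeney's paper; all data is constructed.
"""
from collections import Counter
from typing import Dict, List, Sequence, Tuple

Row = Dict[str, str]

# Constructed release table. Quasi-identifiers (QIs) are zip, birth_year, sex;
# 'diagnosis' is the sensitive attribute. Zip codes are partly generalized
# with '*' wildcards, except for one record that was left exact.
RELEASE: List[Row] = [
    {"zip": "021**", "birth_year": "1965", "sex": "F", "diagnosis": "flu"},
    {"zip": "021**", "birth_year": "1965", "sex": "F", "diagnosis": "asthma"},
    {"zip": "021**", "birth_year": "1971", "sex": "M", "diagnosis": "flu"},
    {"zip": "021**", "birth_year": "1971", "sex": "M", "diagnosis": "cancer"},
    {"zip": "02139", "birth_year": "1958", "sex": "M", "diagnosis": "hiv"},
]
QUASI_IDENTIFIERS: Tuple[str, ...] = ("zip", "birth_year", "sex")
SENSITIVE = "diagnosis"

# Constructed external, identified dataset (think of a public voter roll)
# that shares the quasi-identifiers with the release.
PUBLIC_LIST: List[Row] = [
    {"name": "Alice", "zip": "02139", "birth_year": "1958", "sex": "M"},
    {"name": "Bob",   "zip": "02138", "birth_year": "1971", "sex": "M"},
    {"name": "Carol", "zip": "02141", "birth_year": "1965", "sex": "F"},
]


def equivalence_classes(rows: Sequence[Row], qis: Sequence[str]) -> Counter:
    """Count rows per combination of quasi-identifier values."""
    return Counter(tuple(r[q] for q in qis) for r in rows)


def k_anonymity(rows: Sequence[Row], qis: Sequence[str]) -> int:
    """The largest k for which the table is k-anonymous: the smallest class size."""
    classes = equivalence_classes(rows, qis)
    return min(classes.values()) if classes else 0


def value_matches(generalized: str, exact: str) -> bool:
    """A generalized value such as '021**' matches any exact value of the same
    length that agrees on every non-wildcard position."""
    return len(generalized) == len(exact) and all(
        g == "*" or g == e for g, e in zip(generalized, exact))


def linkage_attack(release: Sequence[Row], public: Sequence[Row],
                   qis: Sequence[str], sensitive: str) -> Dict[str, Tuple[List[str], int]]:
    """For each identified person, return the sensitive values of every release
    row whose quasi-identifiers are compatible, plus the number of such rows.
    Exactly one compatible row is a re-identification; several rows that all
    carry the same sensitive value leak just as much."""
    findings: Dict[str, Tuple[List[str], int]] = {}
    for person in public:
        compatible = [r[sensitive] for r in release
                      if all(value_matches(r[q], person[q]) for q in qis)]
        findings[person["name"]] = (sorted(set(compatible)), len(compatible))
    return findings


def suppress_small_classes(rows: Sequence[Row], qis: Sequence[str], k: int) -> List[Row]:
    """Drop every row that sits in an equivalence class smaller than k.
    Suppression is the simplest policy that makes a release k-anonymous;
    further generalization would keep more rows at the cost of precision."""
    classes = equivalence_classes(rows, qis)
    return [r for r in rows if classes[tuple(r[q] for q in qis)] >= k]


if __name__ == "__main__":
    print("k of release:", k_anonymity(RELEASE, QUASI_IDENTIFIERS))
    for name, (values, n) in linkage_attack(RELEASE, PUBLIC_LIST,
                                            QUASI_IDENTIFIERS, SENSITIVE).items():
        print(f"{name}: {n} compatible row(s), possible {SENSITIVE}: {values}")
    fixed = suppress_small_classes(RELEASE, QUASI_IDENTIFIERS, 2)
    print("k after suppression:", k_anonymity(fixed, QUASI_IDENTIFIERS))
```

The original release has k = 1 because of the single exact-zip record, and the join with the public list pins Alice to that row, recovering her diagnosis; Bob and Carol each match two rows with different diagnoses, so they stay within their class. After suppressing the singleton class the release is 2-anonymous and the attack no longer links Alice to any row. Note that k-anonymity alone says nothing about attribute disclosure when a class is homogeneous (two rows, same diagnosis), which is exactly the kind of case the accompanying deployment policies in the paper are meant to cover.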
Analyzing Website privacy requirements using a privacy goal taxonomy
TLDR
A privacy goal taxonomy is introduced and the analysis of 23 Internet privacy policies for companies in three health care industries: pharmaceutical, health insurance and online drugstores is reported.
A Taxonomy of Privacy
Privacy is a concept in disarray. Nobody can articulate what it means. As one commentator has observed, privacy suffers from an embarrassment of meanings. Privacy is far too vague a concept to guide