Internet Archive Scholar

Knowledge is Power: Systematic Reuse of Privacy Knowledge for Threat Elicitation

Kim Wuyts, Laurens Sion, Dimitri Van Landuyt, Wouter Joosen
2019 2019 IEEE Security and Privacy Workshops (SPW)  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (253.2 kB)
https://web.archive.org/web/20210428233808/https://lirias2repo.kuleuven.be/bitstream/handle/123456789/636367/IWPE19_wuyts_authorversion.pdf;jsessionid=4BC757941DD0B77BAF85BA15306148C0?sequence=2

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2021; you can also visit the original URL. The file type is application/pdf.

Privacy threat modeling is difficult. Identifying relevant threats that cause privacy harm requires an extensive assessment of common potential privacy issues for all elements in the system-under-analysis. In practice, the outcome of a threat modeling exercise thus strongly depends on the level of experience and expertise of the analyst. However, capturing (at least part of) this privacy expertise in a reusable threat knowledge base (i.e. an inventory of common threat types), such as LINDDUN's
more » ... nd STRIDE's threat trees, can greatly improve the efficiency of the threat elicitation process and the overall quality of identified threats. In this paper, we highlight the problems of current knowledge bases, such as limited semantics and lack of instantiation logic, and discuss the requirements for a privacy threat knowledge base that streamlines threat elicitation efforts.
doi:10.1109/spw.2019.00025 dblp:conf/sp/WuytsSLJ19 fatcat:l73jsvup5zhq3lsgzwbzzigav4
Citation

Kim Wuyts, Laurens Sion, Dimitri Van Landuyt, Wouter Joosen. "Knowledge is Power: Systematic Reuse of Privacy Knowledge for Threat Elicitation." 2019 IEEE Security and Privacy Workshops (SPW) (2019) 80-83