LINDDUN GO: A Lightweight Approach to Privacy Threat Modeling

Wuyts, Kim; Sion, Laurens; Joosen, Wouter

doi:10.1109/eurospw51379.2020.00047

Cited by 48 publications

(51 citation statements)

References 14 publications

(25 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This can help us prioritize and decide what privacy-aware architectural strategies can be used and how it can be implemented. Our threat model appears to be simpler than the LINDDUN model [29] but we understand that identifiability is the ultimate risk as the consequence of linkability, detectability, unawareness is also identifiability and inference. We believe that our proposed formulation is applicable to avoid privacy risks for disclosure of information and in data sharing.…”

Section: Threat Model and Assumptionsmentioning

confidence: 96%

“…The more commonly used terminology is unlinkability described from an adversary's perspective, specifying the before and after states of an adversary observing the system which can be quantified as perfect preservation of unlinkability [20]. As pointed out earlier, the ultimate privacy harm associated with linkability is that it can lead to identifiability if too much linkable information is combined or can lead to a potential inference if a link to a sensitive attribute is revealed [29].…”

Section: Formulationmentioning

confidence: 99%

See 1 more Smart Citation

Utilizing Shannon's Entropy to Create Privacy Aware Architectures

Palia¹,

Tandon²,

Mathis³

2021

Preprint

View full text Add to dashboard Cite

Privacy is an individual's choice to determine which personal details can be collected, used and shared. Individual consent and transparency are the core tenets for earning customers' trust and this motivates the organizations to adopt privacy enhancing practices while creating the systems. The goal of a privacy-aware design is to protect information in a way that does not increase an adversary's existing knowledge about an individual beyond what is permissible. This becomes critical when these data elements can be linked with the wealth of auxiliary information available outside the system to identify an individual. Privacy regulations around the world provide directives to protect individual privacy but are generally complex and vague, making their translation into actionable and technical privacy-friendly architectures challenging. In this paper, we utilize Shannon's Entropy (SE) to create an objective metric that can help simplify the state-of-the-art Privacy Design Strategies proposed in the literature and aid our key technical design decisions to create privacy aware architectures.

show abstract

Section: Threat Model and Assumptionsmentioning

confidence: 96%

Section: Formulationmentioning

confidence: 99%

Utilizing Shannon's Entropy to Create Privacy Aware Architectures

Palia¹,

Tandon²,

Mathis³

2021

Preprint

View full text Add to dashboard Cite

show abstract

“…Risk management in the context of security often draws from a practice called threat modelling to anticipate likely attackers, incident pathways, possible consequences of attacks and best ways to respond to them. The techniques under the umbrella of threat modelling vary; from qualitative expert workshops (Wuyts et al, 2020), through mathematical models based on probabilities (Markov chains, game theory) to graphical representations (in the forms of tables, data flow diagrams and attack trees), with some threat modelling techniques promising full automation and quantification of risks (Tatam et al, 2021).…”

Section: Theoretical Frameworkmentioning

confidence: 99%

“…However, as cyber security 'spills out' beyond simply protecting computers, there is a call for broadening the scope of threat modelling. Critical social scientists argued for anticipating risks of emerging technologies by including non-experts (Slupska et al, 2021), understanding security in tandem with privacy and surveillance (Kazansky, 2021;Wuyts et al, 2020), and approaching non-human actors (code, hardware, algorithms) as active co-creators of geopolitics (Dwyer, 2021;Fouad, 2021). The strength of such a 'critical threat modelling' approach would then lie in the capacity to imagine and anticipate a wide range of outcomes and curate a space for explicitly normative discussions about living with digital technologies.…”

Section: Theoretical Frameworkmentioning

confidence: 99%

When the future meets the past: Can safety and cyber security coexist in modern critical infrastructures?

2022

View full text Add to dashboard Cite

Big data technologies are entering the world of ageing computer systems running critical infrastructures. These innovations promise to afford rapid Internet connectivity, remote operations or predictive maintenance. As legacy critical infrastructures were traditionally disconnected from the Internet, the prospect of their modernisation necessitates an inquiry into cyber security and how it intersects with traditional engineering requirements like safety, reliability or resilience. Looking at how the adoption of big data technologies in critical infrastructures shapes understandings of risk management, we focus on a specific case study from the cyber security governance: the EU Network and Information Systems Security Directive. We argue that the implementation of Network and Information Systems Security Directive is the first step in the integration of safety and security through novel risk management practices. Therefore, it is the move towards legitimising the modernisation of critical infrastructures. But we also show that security risk management practices cannot be directly transplanted from the safety realm, as cyber security is grounded in anticipation of the future adversarial behaviours rather than the history of equipment failure rates. Our analysis offers several postulates for the emerging research agenda on big data in complex engineering systems. Building on the conceptualisations of safety and security grounded in the materialist literature across Science and Technology Studies and Organisational Sociology, we call for a better understanding of the ‘making of’ technologies, standardisation processes and engineering knowledge in a quest to build safe and secure critical infrastructures.

show abstract

“…We also identified three existing privacy risk methodologies and taxonomies that we plan to integrate into our work: Jakobi et al's list of user-perceived privacy risks [18], Solove's Privacy Harms [19], and LINDDUN [20]. Of these, LINDDUN is notable in that it provides a privacy engineering framework that provides knowledge bases and taxonomies for threats and mitigations associated with software systems.…”

Section: Populating Risks and Mitigation Conceptsmentioning

confidence: 99%

A Semantic Specification for Data Protection Impact Assessments (DPIA)

Pandit

2022

Towards a Knowledge-Aware AI

View full text Add to dashboard Cite

The GDPR requires assessing and conducting a Data Protection Impact Assessment (DPIA) for processing of personal data that may result in high risk and impact to the data subjects. Documenting this process requires information about processing activities, entities and their roles, risks, mitigations and resulting impacts, and consultations. Impact assessments are complex activities where stakeholders face difficulties to identify relevant risks and mitigations, especially for emerging technologies and specific considerations in their use-cases, and to document outcomes in a consistent and reusable manner. We address this challenge by utilising linked-data to represent DPIA related information so that it can be better managed and shared in an interoperable manner. For this, we consulted the guidance documents produced by EU Data Protection Authorities (DPA) regarding DPIA and by ENISA regarding risk management. The outcome of our efforts is an extension to the Data Privacy Vocabulary (DPV) for documenting DPIAs and an ontology for risk management based on ISO 31000 family of standards. Our contributions fill an important gap within the state of the art, and paves the way for shared impact assessments with future regulations such as for AI and Cybersecurity.

show abstract

LINDDUN GO: A Lightweight Approach to Privacy Threat Modeling

Cited by 48 publications

References 14 publications

Utilizing Shannon's Entropy to Create Privacy Aware Architectures

Utilizing Shannon's Entropy to Create Privacy Aware Architectures

When the future meets the past: Can safety and cyber security coexist in modern critical infrastructures?

A Semantic Specification for Data Protection Impact Assessments (DPIA)

Contact Info

Product

Resources

About