DOI: 10.1145/3477314.3507107
Research article, open access

Mitigation lost in translation: leveraging threat information to improve privacy solution selection

Published: 06 May 2022

Abstract

The design and implementation of privacy-preserving software systems is supported by privacy threat modeling approaches such as LINDDUN, which assist in the identification of privacy threats. Resolving the identified privacy threats requires selecting appropriate countermeasures and solutions to apply to the system. However, there is limited support for non-expert users in determining which solutions are preferable given the identified privacy threats.
In this paper, we present an approach for constructing solution-guidance methods that lead these users from threats to appropriate privacy solutions. We focus on hard privacy threats such as identifiability, and apply our approach to the LINDDUN threat trees to construct selection support that guides users from threat tree nodes to the most appropriate mitigating countermeasures. In particular, we present four solution flowcharts that take privacy analysts from threat tree nodes, through a set of questions, to suitable privacy countermeasures. Our approach reuses substantial threat information in the solution selection and thus offers countermeasures targeted at specific threat causes.
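The flowchart mechanics the abstract describes (enter the chart at a threat tree node, answer a sequence of questions, arrive at countermeasures) can be expressed as a small decision-tree engine. The following is an added example written for this page, not code from the paper or from the authors' solution chart repository; the node id, the questions and the countermeasure names are constructed for illustration and do not reproduce the paper's four flowcharts or the LINDDUN threat trees.

```python
# Added example (not from the paper): a minimal engine for question-driven
# solution charts that are entered at a privacy threat tree node, in the
# style the abstract describes. The chart content below is constructed for
# illustration; node id, questions and countermeasure names are assumptions,
# not the paper's or LINDDUN's actual flowcharts.
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple, Union


@dataclass(frozen=True)
class Leaf:
    """Terminal node: the countermeasures recommended for this path."""
    countermeasures: Tuple[str, ...]


@dataclass(frozen=True)
class Question:
    """Decision node: a yes/no question the analyst answers; each answer
    leads to another Question or to a Leaf."""
    qid: str
    text: str
    yes: "Node"
    no: "Node"


Node = Union[Leaf, Question]


class MissingAnswer(Exception):
    """Raised when the walk reaches a question the analyst has not answered."""


# Constructed chart for a hypothetical identifiability threat-tree node.
# Entering at the node (rather than at a generic "privacy" root) is what
# lets every question assume the threat cause is already known.
CHARTS: Dict[str, Question] = {
    "identifiability-data-store": Question(
        "needs-identifying-data",
        "Does the data store need identifying attributes to fulfil its purpose?",
        yes=Question(
            "needs-linkage-over-time",
            "Must records be linked to the same data subject across time?",
            yes=Question(
                "operator-must-reidentify",
                "Must the operator be able to re-identify the data subject?",
                yes=Leaf((
                    "reversible pseudonym with mapping in a separately access-controlled store",
                    "encrypt identifying attributes at rest with keys held outside the data store",
                )),
                no=Leaf(("non-reversible pseudonym (keyed hash, key not held by the operator)",)),
            ),
            no=Leaf(("anonymize at collection (generalize/suppress identifying attributes)",)),
        ),
        no=Leaf(("remove identifying attributes before storage (data minimization)",)),
    ),
}


def next_question(node_id: str, answers: Dict[str, bool]) -> Optional[Question]:
    """Return the first unanswered question on the current path, or None if
    the given answers already reach a Leaf. Lets a tool ask one question at
    a time and never demand answers for branches that are not on the path."""
    node: Node = CHARTS[node_id]
    while isinstance(node, Question):
        if node.qid not in answers:
            return node
        node = node.yes if answers[node.qid] else node.no
    return None


def select_countermeasures(
    node_id: str, answers: Dict[str, bool]
) -> Tuple[Tuple[str, ...], List[Tuple[str, bool]]]:
    """Walk the chart for a threat-tree node using the analyst's answers.
    Returns (countermeasures, trail); the trail records which questions were
    asked and how they were answered, i.e. the justification to keep in the
    threat model. Raises MissingAnswer (carrying the open question text) if
    the answers do not reach a leaf, and KeyError for an unknown node id."""
    node: Node = CHARTS[node_id]
    trail: List[Tuple[str, bool]] = []
    while isinstance(node, Question):
        if node.qid not in answers:
            raise MissingAnswer(node.text)
        answer = answers[node.qid]
        trail.append((node.qid, answer))
        node = node.yes if answer else node.no
    return node.countermeasures, trail


if __name__ == "__main__":
    facts = {
        "needs-identifying-data": True,
        "needs-linkage-over-time": True,
        "operator-must-reidentify": False,
    }
    cms, trail = select_countermeasures("identifiability-data-store", facts)
    for qid, a in trail:
        print(f"{qid}: {'yes' if a else 'no'}")
    for cm in cms:
        print("->", cm)
```

Keying the chart on the threat tree node is what lets each question assume the threat cause is already known, which is the point the abstract makes about reusing threat information. The returned trail is the part an analyst should carry back into the threat model, since a countermeasure without the answers that selected it is hard to review later.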


Cited By

  • On the Evaluation of Privacy Impact Assessment and Privacy Risk Assessment Methodologies: A Systematic Literature Review. IEEE Access 12 (2024), 19625-19650. DOI: 10.1109/ACCESS.2024.3360864


Published In

SAC '22: Proceedings of the 37th ACM/SIGAPP Symposium on Applied Computing, April 2022, 2099 pages
ISBN: 9781450387132
DOI: 10.1145/3477314

Publisher

Association for Computing Machinery, New York, NY, United States


Author Tags

  1. privacy engineering
  2. privacy threat modeling
  3. software design


Conference

SAC '22
Overall acceptance rate: 1,650 of 6,669 submissions (25%)
