Publicatie

Knowledge is Power: Systematic Reuse of Privacy Knowledge for Threat Elicitation

Boekbijdrage - Boekhoofdstuk Conferentiebijdrage

Privacy threat modeling is difficult. Identifying relevant threats that cause privacy harm requires an extensive assessment of common potential privacy issues for all elements in the system-under-analysis. In practice, the outcome of a threat modeling exercise thus strongly depends on the level of experience and expertise of the analyst. However, capturing (at least part of) this privacy expertise in a reusable threat knowledge base (i.e. an inventory of common threat types), such as LINDDUN's and STRIDE's threat trees, can greatly improve the efficiency of the threat elicitation process and the overall quality of identified threats. In this paper, we highlight the problems of current knowledge bases, such as limited semantics and lack of instantiation logic, and discuss the requirements for a privacy threat knowledge base that streamlines threat elicitation efforts.

Boek: 2019 IEEE Security and Privacy Workshops (SPW)

Pagina's: 80 - 83

ISBN:978-1-7281-3508-3

Jaar van publicatie:2019

DOI: https://doi.org/10.1109/spw.2019.00025
Institutional Repository URL: https://lirias.kuleuven.be/2786461

Toegankelijkheid:Open

Publicatie

Knowledge is Power: Systematic Reuse of Privacy Knowledge for Threat Elicitation

Boekbijdrage - Boekhoofdstuk Conferentiebijdrage

Auteurs/uitgever

Onderzoekseenheden

Evenementen

Projecten