interaction based privacy threat
play

Interaction-Based Privacy Threat Elicitation Laurens Sion , Kim - PowerPoint PPT Presentation

Feb 25, 2023 •423 likes •1.05k views

Interaction-Based Privacy Threat Elicitation Laurens Sion , Kim Wuyts, Koen Yskout, Dimitri Van Landuyt, Wouter Joosen 27 th April 2018 IWPE2018 London, United Kingdom Importance of Considering Privacy by Design Number of Data Breaches

  1. Interaction-Based Privacy Threat Elicitation Laurens Sion , Kim Wuyts, Koen Yskout, Dimitri Van Landuyt, Wouter Joosen 27 th April 2018 – IWPE2018 – London, United Kingdom

  2. Importance of Considering Privacy by Design Number of Data Breaches › Data breaches 40 30 20 10 0 5 (full bank account details) 4 (E.g., health records) 3 (E.g., creditcard info) 2 (SSN, personal details) 1 (E.g., email, online info) Data: Information is beautiful: World's Biggest Data Breaches 2

  3. Importance of Considering Privacy by Design Number of records lost › Data breaches 10000 Millions 1000 100 10 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 Data: Information is beautiful: World's Biggest Data Breaches 3

  4. Importance of Considering Privacy by Design › Data breaches › Users’ view inconsistent with collection/usage 4

  5. Importance of Considering Privacy by Design › Data breaches › Users’ view inconsistent with collection/usage › Increasingly legislated GDPR mandates privacy by design 5

  6. Realizing Privacy by Design › GDPR mentions risk ≫ 70 times 6

  7. Realizing Privacy by Design › GDPR mentions risk ≫ 70 times › Appropriate technical measures Identify issues 7

  8. Realizing Privacy by Design › GDPR mentions risk ≫ 70 times › Appropriate technical measures Identify issues › Accountability Demonstrate compliance 8

  9. Privacy Threat Modeling Steps Model Map Elicit and Document Model the system Map the LINDDUN threat Elicit and document types to the model privacy threats 9

  10. Privacy Threat Modeling Steps Model 1. User Model › DFD model of 2. 3. Portal Service Model the system the system 4. Social network data 10

  11. Privacy Threat Modeling Steps Map Elicit and Document Model the system Map the LINDDUN threat Elicit and document types to the model privacy threats 11

  12. Privacy Threat Modeling Steps Map Map Map the LINDDUN threat types to the model 12

  13. Privacy Threat Modeling Steps Map L I N D D U N 1. User Map Data store X X X X X X TEMPLATE MAPPING Data flow X X X X X X Process X X X X X X 2. 3. Entity X X X Portal Service Map the LINDDUN threat types to the model Threat target L I N D D U N Social network db X X x x X X* Data store 4. Social network data Data flow User data stream (user- portal) ... 13

  14. Privacy Threat Modeling Steps Map L I N D D U N 1. User Map Data store X X X X X X TEMPLATE MAPPING Data flow X X X X X X Process X X X X X X 2. 3. Entity X X X Portal Service Map the LINDDUN threat types to the model Threat target L I N D D U N Social network db X X x x X X* Data store 4. Social network data Data flow User data stream (user- portal) ... 14

  15. Privacy Threat Modeling Steps Map L I N D D U N 1. User Map Data store X X X X X X TEMPLATE MAPPING Data flow X X X X X X Process X X X X X X 2. 3. Entity X X X Portal Service Map the LINDDUN threat types to the model Threat target L I N D D U N Social network db X X x x X X* Data store 4. Social network data Data flow User data stream (user- portal) ... 15

  16. Privacy Threat Modeling Steps Map L I N D D U N 1. User Map Data store X X X X X X TEMPLATE MAPPING Data flow X X X X X X Process X X X X X X 2. 3. Entity X X X Portal Service Map the LINDDUN threat types to the model Threat target L I N D D U N Social network db X X x x X X* Data store 4. Social network data Data flow User data stream (user- portal) ... 16

  17. Privacy Threat Modeling Steps Map L I N D D U N 1. User Map Data store X X X X X X TEMPLATE MAPPING Data flow X X X X X X Process X X X X X X 2. 3. Entity X X X Portal Service Map the LINDDUN threat types to the model Threat target L I N D D U N Social network db X X x x X X* Data store 4. Social network data Data flow User data stream (user- portal) ... 17

  18. Privacy Threat Modeling Steps Elicit and Document Model the system Map the LINDDUN threat Elicit and document types to the model privacy threats 18

  19. Privacy Threat Modeling Steps Elicit Threat target L I N D D U N Social network db X X x x X X* Data store Elicit and Document Data flow User data stream (user- portal) ... Elicit and document privacy threats MITIGATION TAXONOMY MITIGATION TAXONOMY THREAT TREE CATALOG 19

  20. Privacy Threat Modeling Steps Elicit Threat target L I N D D U N Social network db X X x x X X* Data store Elicit and Document Data flow User data stream (user- portal) ... Elicit and document privacy threats MITIGATION TAXONOMY MITIGATION TAXONOMY THREAT TREE CATALOG 20

  21. Privacy Threat Modeling Steps Model Map Elicit and Document Model the system Map the LINDDUN threat Elicit and document types to the model privacy threats 21

  22. The LINDDUN Privacy Framework › Linkability › Disclosure of Information › Identifiability › Unawareness Non-repudiation Non-compliance › › Detectability › 22

  23. Issues with Element-Based Elicitation › Undiscovered threats Process B A 23

  24. Issues with Element-Based Elicitation › Undiscovered threats Process B A 24

  25. Issues with Element-Based Elicitation › Undiscovered threats Process B Single Threat? A 25

  26. Issues with Element-Based Elicitation › Undiscovered threats Process B A 26

  27. Issues with Element-Based Elicitation › Undiscovered threats Process B A 27

  28. Issues with Element-Based Elicitation › Undiscovered threats › Inapplicable threats 28

  29. Issues with Element-Based Elicitation › Undiscovered threats › Inapplicable threats Client Server 29

  30. Issues with Element-Based Elicitation › Undiscovered threats › Inapplicable threats Client Server Detectability threats on processes 30

  31. Issues with Element-Based Elicitation › Undiscovered threats › Inapplicable threats Client Server Detectability threats on processes 31

  32. Issues with Element-Based Elicitation › Undiscovered threats › Inapplicable threats Client Server Detectability threats on processes 32

  33. Issues with Element-Based Elicitation › Undiscovered threats › Inapplicable threats Client Server Detectability threats on processes 33

  34. Issues with Element-Based Elicitation › Undiscovered threats › Inapplicable threats › Redundant threats 34

  35. Issues with Element-Based Elicitation › Undiscovered threats › Inapplicable threats › Redundant threats Client Server Detectability threats on processes 35

  36. Element- vs. Interaction-based Elicitation › Take local context into account More explicit and precise › Threats not caused by elements but through interactions › # 𝑗𝑜𝑢𝑓𝑠𝑏𝑑𝑢𝑗𝑝𝑜𝑡 < #{𝑓𝑚𝑓𝑛𝑓𝑜𝑢𝑡} › Less or more threats? › Lack of consensus on the most appropriate approach 36

  37. Interaction-based LINDDUN Client Server

  38. Interaction-based LINDDUN Client Server

  39. Interaction-based LINDDUN Client Server

  40. Interaction-based LINDDUN Client Server

  45. LINDDUN Examples › Full LINDDUN table of threats 45

  46. LINDDUN Examples › Full LINDDUN table of threats › Concrete examples 46

  47. LINDDUN Examples Website (S) showing incorrect password error reveals account existence. 47

  48. Qualities › Expressivity 48

  49. Qualities › Expressivity › Elimination of inapplicable threat types 49

  50. Qualities › Expressivity › Elimination of inapplicable threat types › Finding undiscovered threats 50

  51. Qualities › Expressivity › Elimination of inapplicable threat types › Finding undiscovered threats › Effort-precision trade-off 51

  52. Discussion › Semantics and ambiguities of privacy threats 52

  53. Discussion › Semantics and ambiguities of privacy threats › Threat trees 53

  54. Discussion › Semantics and ambiguities of privacy threats › Threat trees › Usage & tool support 54

  55. Discussion › Semantics and ambiguities of privacy threats › Threat trees › Usage & tool support › Granularity for threat elicitation 55

  56. Conclusion › Element-based elicitation is sub-optimal 56

  57. Conclusion › Element-based elicitation is sub-optimal › Interaction-based LINDDUN extension 57

  58. Conclusion › Element-based elicitation is sub-optimal › Interaction-based LINDDUN extension › Provide detailed LINDDUN interaction examples 58

  59. Conclusion › Element-based elicitation is sub-optimal › Interaction-based LINDDUN extension › Provide detailed LINDDUN interaction examples › Beyond interaction-based: to DFD patterns 59

  60. Conclusion › Element-based elicitation is sub-optimal › Interaction-based LINDDUN extension › Provide detailed LINDDUN interaction examples › Beyond interaction-based: to DFD patterns 60

  61. Questions? Thank you!

  62. Interaction-Based Privacy Threat Elicitation Laurens Sion, Kim Wuyts, Koen Yskout, Dimitri Van Landuyt, Wouter Joosen

Recommend

IWCG Privacy Update 26.10.2018 TPAC, Lyon Agenda 15m - High-level overview of documented threat

IWCG Privacy Update 26.10.2018 TPAC, Lyon Agenda 15m - High-level overview of documented threat

IWCG Privacy Update 26.10.2018 TPAC, Lyon Agenda 15m - High-level overview of documented threat vectors and potential mitigations based on issues and explainer at Privacy &amp; Security repo

487 views • 31 slides
Interaction of RFID Technology and Public Policy Presentation at RFID Privacy Workshop @ MIT

Interaction of RFID Technology and Public Policy Presentation at RFID Privacy Workshop @ MIT

Interaction of RFID Technology and Public Policy Presentation at RFID Privacy Workshop @ MIT 15 TH November 2003 By Rakesh Kumar Wipro Technologies India Privacy Consumers Perspective Privacy can be defined as customers ability to

284 views • 17 slides
Human Resources Interaction With An Insider Threat Program 1 INTRODUCTION Davita N. Carpenter,

Human Resources Interaction With An Insider Threat Program 1 INTRODUCTION Davita N. Carpenter,

Human Resources Interaction With An Insider Threat Program 1 INTRODUCTION Davita N. Carpenter, SHRM-SCP Novetta Inc. Vice President, Human Resources/Employee Care Ethics/Compliance Officer Insider Threat Group Member 25+ years in Human

520 views • 16 slides
Review Review Course Overview Privacy Querying Published data, Encrypted Data yp Statistical

Review Review Course Overview Privacy Querying Published data, Encrypted Data yp Statistical

Review Review Course Overview Privacy Querying Published data, Encrypted Data yp Statistical databases Statistical databases, Differential privacy, Location-based privacy Encryption E ti Insider Threat/ DBMS Steganographic Intrusion

394 views • 24 slides
Artificial Intelligence: a friend of convenience but a threat to privacy? Patrick Nuttall, CISSP

Artificial Intelligence: a friend of convenience but a threat to privacy? Patrick Nuttall, CISSP

Source: Getty Images (licensed) Artificial Intelligence: a friend of convenience but a threat to privacy? Patrick Nuttall, CISSP CISM CBCI InnoTech Q1 2019 Security Matters Forum AI friend or foe for insurance businesses?2 Speaker

163 views • 13 slides
Vajra Cyber Threat Mitigation Service (Vajra CTMS) A Military Grade Cyber Threat Mitigation

Vajra Cyber Threat Mitigation Service (Vajra CTMS) A Military Grade Cyber Threat Mitigation

Vajra Cyber Threat Mitigation Service (Vajra CTMS) A Military Grade Cyber Threat Mitigation Service for Businesses and Governments Cyber Security &amp; Privacy Foundation Pte. Ltd., Singapore Cyber Security &amp; Privacy Foundation (CSPF)

369 views • 21 slides
Assessment What is Threat Assessment Threat assessment is the process of gathering

Assessment What is Threat Assessment Threat assessment is the process of gathering

Threat Assessment What is Threat Assessment Threat assessment is the process of gathering information to understand the threat of violence posed by a person. Threat management is the process of developing and executing plans to mitigate

332 views • 15 slides
The Odyssey: challenges to model privacy threats in a brave new world Rafa Glvez and Seda

The Odyssey: challenges to model privacy threats in a brave new world Rafa Glvez and Seda

The Odyssey: challenges to model privacy threats in a brave new world Rafa Glvez and Seda Grses Motivation imec - ESAT/COSIC, KU Leuven Threat Modeling 1. Characterize the system 2. Identify the threats 3. Threat and Risk analysis

147 views • 12 slides
Outline Gaze-Based Interaction in Cinematic 360 VR Cinematic 360 VR Gaze-Based

Outline Gaze-Based Interaction in Cinematic 360 VR Cinematic 360 VR Gaze-Based

Outline Gaze-Based Interaction in Cinematic 360 VR Cinematic 360 VR Gaze-Based Interaction Non-Linear Storytelling Media Authoring Luiz Velho VISGRAF Lab - IMPA Case Study Omnidirectional Video Equirectangular Format -

446 views • 10 slides
#MicroFocusCyberSummit Cloud-based Data Privacy and Protection Protecting data and privacy

#MicroFocusCyberSummit Cloud-based Data Privacy and Protection Protecting data and privacy

#MicroFocusCyberSummit Cloud-based Data Privacy and Protection Protecting data and privacy across hybrid IT Farshad Ghazi - Moderator Mat Spitz Lacy Gruen #MicroFocusCyberSummit Reiner Kappenberger Cloud-based Data Privacy and Protection:

455 views • 10 slides
Phases of Disaster Despair Threat Threat Phase: Small events serve as a warning or threat to

Phases of Disaster Despair Threat Threat Phase: Small events serve as a warning or threat to

Honeymoon Threat Restoration Rescue Phases of Disaster Despair Threat Threat Phase: Small events serve as a warning or threat to normal living. A disaster has not yet oc- curred, but there is a sense of impending doom. Individual

604 views • 6 slides
Protecting the Privacy of Investors: An Overview of the Regulatory Framework &amp; Tips on

Protecting the Privacy of Investors: An Overview of the Regulatory Framework &amp; Tips on

Protecting the Privacy of Investors: An Overview of the Regulatory Framework &amp; Tips on Avoiding Threats May 28, 2015 Malcolm Townsend, IT Research Analyst Overview Background Trends Threat landscape Privacy regulatory

102 views • 8 slides
Privacy Engineering Objectives and Risk Model Objective-Based Design for Improving Privacy in

Privacy Engineering Objectives and Risk Model Objective-Based Design for Improving Privacy in

Privacy Engineering Objectives and Risk Model Objective-Based Design for Improving Privacy in Information Systems 1 NIST research has a broad impact shutterstock.com shutterstocom G. Hooijer/ D. Stork/ Facilitates trade and fair Improves

405 views • 18 slides
What Does This Advanced Threat Landscape Look Like? Advanced Threat Landscape

What Does This Advanced Threat Landscape Look Like? Advanced Threat Landscape

DDoS &amp; Modern Threat Motives Dan Holden Director, ASERT What Does This Advanced Threat Landscape Look Like? Advanced Threat Landscape Geo-poli:cal More defenses ? App/Content t a

1.13k views • 44 slides
MMI 2: Mobile Human- Computer Interaction Sensor-Based Mobile Interaction Prof. Dr. Michael

MMI 2: Mobile Human- Computer Interaction Sensor-Based Mobile Interaction Prof. Dr. Michael

MMI 2: Mobile Human- Computer Interaction Sensor-Based Mobile Interaction Prof. Dr. Michael Rohs michael.rohs@ifi.lmu.de Mobile Interaction Lab, LMU Mnchen Lectures # Date Topic 1 19.10.2011 Introduction to Mobile Interaction, Mobile

727 views • 51 slides
A Semantic Model for Friend Segregation in Online Social Networks Javed Ahmed ICWE 2016, Lugano,

A Semantic Model for Friend Segregation in Online Social Networks Javed Ahmed ICWE 2016, Lugano,

Introduction Research Problem Our Approach Theoretical Framework for Privacy Results of User Study: Interaction Pattern Results of User Study: Preferred Interaction Results of User Study: Interaction Ranking Ontological Model Conclusion and

552 views • 16 slides
$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

Presentation Slides $ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that involves the rights of individuals in relation to information about them that is circulating in society. why privacy is an

318 views • 13 slides
Active Threat on Campus Prevention &amp; Response Active threat defined An active threat can be

Active Threat on Campus Prevention &amp; Response Active threat defined An active threat can be

Active Threat on Campus Prevention &amp; Response Active threat defined An active threat can be defined as: A person whose immediate activity can cause death and/or serious injury An active threat can involve a firearm or another

395 views • 15 slides
Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in vehicular networks; Security and Cooperation in Wireless Networks Georg-August University Gttingen Chapter outline 1 Important privacy related

1.12k views • 33 slides
Development of Initiating Cyber Threat Scenarios and the Probabilities Based on Operating

Development of Initiating Cyber Threat Scenarios and the Probabilities Based on Operating

Transactions of the Korean Nuclear Society Virtual Spring Meeting July 9-10, 2020 Development of Initiating Cyber Threat Scenarios and the Probabilities Based on Operating Experience Analysis Sang Min Han a , Poong Hyun Seong a a Department

540 views • 4 slides
Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

CISPA Center for IT Security, Privacy and Accountabiltiy Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals, groups, or institutions to determine for themselves when,

573 views • 26 slides
$ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy

$ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy

Presentation Slides $ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy that involves the rights of individuals in relation to information about them that is circulating in society. why privacy is an

429 views • 13 slides
Offensive Threat Modeling for Attackers turning threat modeling on its head Rafal M. Los

Offensive Threat Modeling for Attackers turning threat modeling on its head Rafal M. Los

Offensive Threat Modeling for Attackers turning threat modeling on its head Rafal M. Los Chief Security Evangelist HP Software Shane MacDougall Principal Tactical Intelligence Modern threat modeling is a defensive response to

783 views • 52 slides
CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies

CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies

CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies US Privacy Laws Sources: Baase: A Gift of Fire and Quinn: Ethics for the Information Age Ethics Spring 2010 Privacy 1 Privacy The original

725 views • 45 slides

More recommend