interaction based privacy threat
play

Interaction-Based Privacy Threat Elicitation Laurens Sion , Kim - PowerPoint PPT Presentation

Feb 25, 2023 •423 likes •1.05k views

Interaction-Based Privacy Threat Elicitation Laurens Sion , Kim Wuyts, Koen Yskout, Dimitri Van Landuyt, Wouter Joosen 27 th April 2018 IWPE2018 London, United Kingdom Importance of Considering Privacy by Design Number of Data Breaches

  1. Interaction-Based Privacy Threat Elicitation Laurens Sion , Kim Wuyts, Koen Yskout, Dimitri Van Landuyt, Wouter Joosen 27 th April 2018 – IWPE2018 – London, United Kingdom

  2. Importance of Considering Privacy by Design Number of Data Breaches › Data breaches 40 30 20 10 0 5 (full bank account details) 4 (E.g., health records) 3 (E.g., creditcard info) 2 (SSN, personal details) 1 (E.g., email, online info) Data: Information is beautiful: World's Biggest Data Breaches 2

  3. Importance of Considering Privacy by Design Number of records lost › Data breaches 10000 Millions 1000 100 10 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 Data: Information is beautiful: World's Biggest Data Breaches 3

  4. Importance of Considering Privacy by Design › Data breaches › Users’ view inconsistent with collection/usage 4

  5. Importance of Considering Privacy by Design › Data breaches › Users’ view inconsistent with collection/usage › Increasingly legislated GDPR mandates privacy by design 5

  6. Realizing Privacy by Design › GDPR mentions risk ≫ 70 times 6

  7. Realizing Privacy by Design › GDPR mentions risk ≫ 70 times › Appropriate technical measures Identify issues 7

  8. Realizing Privacy by Design › GDPR mentions risk ≫ 70 times › Appropriate technical measures Identify issues › Accountability Demonstrate compliance 8

  9. Privacy Threat Modeling Steps Model Map Elicit and Document Model the system Map the LINDDUN threat Elicit and document types to the model privacy threats 9

  10. Privacy Threat Modeling Steps Model 1. User Model › DFD model of 2. 3. Portal Service Model the system the system 4. Social network data 10

  11. Privacy Threat Modeling Steps Map Elicit and Document Model the system Map the LINDDUN threat Elicit and document types to the model privacy threats 11

  12. Privacy Threat Modeling Steps Map Map Map the LINDDUN threat types to the model 12

  13. Privacy Threat Modeling Steps Map L I N D D U N 1. User Map Data store X X X X X X TEMPLATE MAPPING Data flow X X X X X X Process X X X X X X 2. 3. Entity X X X Portal Service Map the LINDDUN threat types to the model Threat target L I N D D U N Social network db X X x x X X* Data store 4. Social network data Data flow User data stream (user- portal) ... 13

  14. Privacy Threat Modeling Steps Map L I N D D U N 1. User Map Data store X X X X X X TEMPLATE MAPPING Data flow X X X X X X Process X X X X X X 2. 3. Entity X X X Portal Service Map the LINDDUN threat types to the model Threat target L I N D D U N Social network db X X x x X X* Data store 4. Social network data Data flow User data stream (user- portal) ... 14

  15. Privacy Threat Modeling Steps Map L I N D D U N 1. User Map Data store X X X X X X TEMPLATE MAPPING Data flow X X X X X X Process X X X X X X 2. 3. Entity X X X Portal Service Map the LINDDUN threat types to the model Threat target L I N D D U N Social network db X X x x X X* Data store 4. Social network data Data flow User data stream (user- portal) ... 15

  16. Privacy Threat Modeling Steps Map L I N D D U N 1. User Map Data store X X X X X X TEMPLATE MAPPING Data flow X X X X X X Process X X X X X X 2. 3. Entity X X X Portal Service Map the LINDDUN threat types to the model Threat target L I N D D U N Social network db X X x x X X* Data store 4. Social network data Data flow User data stream (user- portal) ... 16

  17. Privacy Threat Modeling Steps Map L I N D D U N 1. User Map Data store X X X X X X TEMPLATE MAPPING Data flow X X X X X X Process X X X X X X 2. 3. Entity X X X Portal Service Map the LINDDUN threat types to the model Threat target L I N D D U N Social network db X X x x X X* Data store 4. Social network data Data flow User data stream (user- portal) ... 17

  18. Privacy Threat Modeling Steps Elicit and Document Model the system Map the LINDDUN threat Elicit and document types to the model privacy threats 18

  19. Privacy Threat Modeling Steps Elicit Threat target L I N D D U N Social network db X X x x X X* Data store Elicit and Document Data flow User data stream (user- portal) ... Elicit and document privacy threats MITIGATION TAXONOMY MITIGATION TAXONOMY THREAT TREE CATALOG 19

  20. Privacy Threat Modeling Steps Elicit Threat target L I N D D U N Social network db X X x x X X* Data store Elicit and Document Data flow User data stream (user- portal) ... Elicit and document privacy threats MITIGATION TAXONOMY MITIGATION TAXONOMY THREAT TREE CATALOG 20

  21. Privacy Threat Modeling Steps Model Map Elicit and Document Model the system Map the LINDDUN threat Elicit and document types to the model privacy threats 21

  22. The LINDDUN Privacy Framework › Linkability › Disclosure of Information › Identifiability › Unawareness Non-repudiation Non-compliance › › Detectability › 22

  23. Issues with Element-Based Elicitation › Undiscovered threats Process B A 23

  24. Issues with Element-Based Elicitation › Undiscovered threats Process B A 24

  25. Issues with Element-Based Elicitation › Undiscovered threats Process B Single Threat? A 25

  26. Issues with Element-Based Elicitation › Undiscovered threats Process B A 26

  27. Issues with Element-Based Elicitation › Undiscovered threats Process B A 27

  28. Issues with Element-Based Elicitation › Undiscovered threats › Inapplicable threats 28

  29. Issues with Element-Based Elicitation › Undiscovered threats › Inapplicable threats Client Server 29

  30. Issues with Element-Based Elicitation › Undiscovered threats › Inapplicable threats Client Server Detectability threats on processes 30

  31. Issues with Element-Based Elicitation › Undiscovered threats › Inapplicable threats Client Server Detectability threats on processes 31

  32. Issues with Element-Based Elicitation › Undiscovered threats › Inapplicable threats Client Server Detectability threats on processes 32

  33. Issues with Element-Based Elicitation › Undiscovered threats › Inapplicable threats Client Server Detectability threats on processes 33

  34. Issues with Element-Based Elicitation › Undiscovered threats › Inapplicable threats › Redundant threats 34

  35. Issues with Element-Based Elicitation › Undiscovered threats › Inapplicable threats › Redundant threats Client Server Detectability threats on processes 35

  36. Element- vs. Interaction-based Elicitation › Take local context into account More explicit and precise › Threats not caused by elements but through interactions › # 𝑗𝑜𝑢𝑓𝑠𝑏𝑑𝑢𝑗𝑝𝑜𝑡 < #{𝑓𝑚𝑓𝑛𝑓𝑜𝑢𝑡} › Less or more threats? › Lack of consensus on the most appropriate approach 36

  37. Interaction-based LINDDUN Client Server

  38. Interaction-based LINDDUN Client Server

  39. Interaction-based LINDDUN Client Server

  40. Interaction-based LINDDUN Client Server

  45. LINDDUN Examples › Full LINDDUN table of threats 45

  46. LINDDUN Examples › Full LINDDUN table of threats › Concrete examples 46

  47. LINDDUN Examples Website (S) showing incorrect password error reveals account existence. 47

  48. Qualities › Expressivity 48

  49. Qualities › Expressivity › Elimination of inapplicable threat types 49

  50. Qualities › Expressivity › Elimination of inapplicable threat types › Finding undiscovered threats 50

  51. Qualities › Expressivity › Elimination of inapplicable threat types › Finding undiscovered threats › Effort-precision trade-off 51

  52. Discussion › Semantics and ambiguities of privacy threats 52

  53. Discussion › Semantics and ambiguities of privacy threats › Threat trees 53

  54. Discussion › Semantics and ambiguities of privacy threats › Threat trees › Usage & tool support 54

  55. Discussion › Semantics and ambiguities of privacy threats › Threat trees › Usage & tool support › Granularity for threat elicitation 55

  56. Conclusion › Element-based elicitation is sub-optimal 56

  57. Conclusion › Element-based elicitation is sub-optimal › Interaction-based LINDDUN extension 57

  58. Conclusion › Element-based elicitation is sub-optimal › Interaction-based LINDDUN extension › Provide detailed LINDDUN interaction examples 58

  59. Conclusion › Element-based elicitation is sub-optimal › Interaction-based LINDDUN extension › Provide detailed LINDDUN interaction examples › Beyond interaction-based: to DFD patterns 59

  60. Conclusion › Element-based elicitation is sub-optimal › Interaction-based LINDDUN extension › Provide detailed LINDDUN interaction examples › Beyond interaction-based: to DFD patterns 60

  61. Questions? Thank you!

  62. Interaction-Based Privacy Threat Elicitation Laurens Sion, Kim Wuyts, Koen Yskout, Dimitri Van Landuyt, Wouter Joosen

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

IWCG Privacy Update 26.10.2018 TPAC, Lyon Agenda 15m - High-level overview of documented threat

IWCG Privacy Update 26.10.2018 TPAC, Lyon Agenda 15m - High-level overview of documented threat

IWCG Privacy Update 26.10.2018 TPAC, Lyon Agenda 15m - High-level overview of documented threat vectors and potential mitigations based on issues and explainer at Privacy &amp; Security repo

487 views • 31 slides
Interaction of RFID Technology and Public Policy Presentation at RFID Privacy Workshop @ MIT

Interaction of RFID Technology and Public Policy Presentation at RFID Privacy Workshop @ MIT

Interaction of RFID Technology and Public Policy Presentation at RFID Privacy Workshop @ MIT 15 TH November 2003 By Rakesh Kumar Wipro Technologies India Privacy Consumers Perspective Privacy can be defined as customers ability to

284 views • 17 slides
Human Resources Interaction With An Insider Threat Program 1 INTRODUCTION Davita N. Carpenter,

Human Resources Interaction With An Insider Threat Program 1 INTRODUCTION Davita N. Carpenter,

Human Resources Interaction With An Insider Threat Program 1 INTRODUCTION Davita N. Carpenter, SHRM-SCP Novetta Inc. Vice President, Human Resources/Employee Care Ethics/Compliance Officer Insider Threat Group Member 25+ years in Human

520 views • 16 slides
Review Review Course Overview Privacy Querying Published data, Encrypted Data yp Statistical

Review Review Course Overview Privacy Querying Published data, Encrypted Data yp Statistical

Review Review Course Overview Privacy Querying Published data, Encrypted Data yp Statistical databases Statistical databases, Differential privacy, Location-based privacy Encryption E ti Insider Threat/ DBMS Steganographic Intrusion

394 views • 24 slides
Artificial Intelligence: a friend of convenience but a threat to privacy? Patrick Nuttall, CISSP

Artificial Intelligence: a friend of convenience but a threat to privacy? Patrick Nuttall, CISSP

Source: Getty Images (licensed) Artificial Intelligence: a friend of convenience but a threat to privacy? Patrick Nuttall, CISSP CISM CBCI InnoTech Q1 2019 Security Matters Forum AI friend or foe for insurance businesses?2 Speaker

163 views • 13 slides
Vajra Cyber Threat Mitigation Service (Vajra CTMS) A Military Grade Cyber Threat Mitigation

Vajra Cyber Threat Mitigation Service (Vajra CTMS) A Military Grade Cyber Threat Mitigation

Vajra Cyber Threat Mitigation Service (Vajra CTMS) A Military Grade Cyber Threat Mitigation Service for Businesses and Governments Cyber Security &amp; Privacy Foundation Pte. Ltd., Singapore Cyber Security &amp; Privacy Foundation (CSPF)

369 views • 21 slides
Assessment What is Threat Assessment Threat assessment is the process of gathering

Assessment What is Threat Assessment Threat assessment is the process of gathering

Threat Assessment What is Threat Assessment Threat assessment is the process of gathering information to understand the threat of violence posed by a person. Threat management is the process of developing and executing plans to mitigate

332 views • 15 slides
The Odyssey: challenges to model privacy threats in a brave new world Rafa Glvez and Seda

The Odyssey: challenges to model privacy threats in a brave new world Rafa Glvez and Seda

The Odyssey: challenges to model privacy threats in a brave new world Rafa Glvez and Seda Grses Motivation imec - ESAT/COSIC, KU Leuven Threat Modeling 1. Characterize the system 2. Identify the threats 3. Threat and Risk analysis

147 views • 12 slides
Outline Gaze-Based Interaction in Cinematic 360 VR Cinematic 360 VR Gaze-Based

Outline Gaze-Based Interaction in Cinematic 360 VR Cinematic 360 VR Gaze-Based

Outline Gaze-Based Interaction in Cinematic 360 VR Cinematic 360 VR Gaze-Based Interaction Non-Linear Storytelling Media Authoring Luiz Velho VISGRAF Lab - IMPA Case Study Omnidirectional Video Equirectangular Format -

446 views • 10 slides
#MicroFocusCyberSummit Cloud-based Data Privacy and Protection Protecting data and privacy

#MicroFocusCyberSummit Cloud-based Data Privacy and Protection Protecting data and privacy

#MicroFocusCyberSummit Cloud-based Data Privacy and Protection Protecting data and privacy across hybrid IT Farshad Ghazi - Moderator Mat Spitz Lacy Gruen #MicroFocusCyberSummit Reiner Kappenberger Cloud-based Data Privacy and Protection:

453 views • 10 slides
Phases of Disaster Despair Threat Threat Phase: Small events serve as a warning or threat to

Phases of Disaster Despair Threat Threat Phase: Small events serve as a warning or threat to

Honeymoon Threat Restoration Rescue Phases of Disaster Despair Threat Threat Phase: Small events serve as a warning or threat to normal living. A disaster has not yet oc- curred, but there is a sense of impending doom. Individual

604 views • 6 slides
Protecting the Privacy of Investors: An Overview of the Regulatory Framework &amp; Tips on

Protecting the Privacy of Investors: An Overview of the Regulatory Framework &amp; Tips on

Protecting the Privacy of Investors: An Overview of the Regulatory Framework &amp; Tips on Avoiding Threats May 28, 2015 Malcolm Townsend, IT Research Analyst Overview Background Trends Threat landscape Privacy regulatory

102 views • 8 slides
Privacy Engineering Objectives and Risk Model Objective-Based Design for Improving Privacy in

Privacy Engineering Objectives and Risk Model Objective-Based Design for Improving Privacy in

Privacy Engineering Objectives and Risk Model Objective-Based Design for Improving Privacy in Information Systems 1 NIST research has a broad impact shutterstock.com shutterstocom G. Hooijer/ D. Stork/ Facilitates trade and fair Improves

405 views • 18 slides
What Does This Advanced Threat Landscape Look Like? Advanced Threat Landscape

What Does This Advanced Threat Landscape Look Like? Advanced Threat Landscape

DDoS &amp; Modern Threat Motives Dan Holden Director, ASERT What Does This Advanced Threat Landscape Look Like? Advanced Threat Landscape Geo-poli:cal More defenses ? App/Content t a

1.13k views • 44 slides
MMI 2: Mobile Human- Computer Interaction Sensor-Based Mobile Interaction Prof. Dr. Michael

MMI 2: Mobile Human- Computer Interaction Sensor-Based Mobile Interaction Prof. Dr. Michael

MMI 2: Mobile Human- Computer Interaction Sensor-Based Mobile Interaction Prof. Dr. Michael Rohs michael.rohs@ifi.lmu.de Mobile Interaction Lab, LMU Mnchen Lectures # Date Topic 1 19.10.2011 Introduction to Mobile Interaction, Mobile

727 views • 51 slides
A Semantic Model for Friend Segregation in Online Social Networks Javed Ahmed ICWE 2016, Lugano,

A Semantic Model for Friend Segregation in Online Social Networks Javed Ahmed ICWE 2016, Lugano,

Introduction Research Problem Our Approach Theoretical Framework for Privacy Results of User Study: Interaction Pattern Results of User Study: Preferred Interaction Results of User Study: Interaction Ranking Ontological Model Conclusion and

552 views • 16 slides
Hybrid System Falsification and Reinforcement Learning Formal Method for Cyber-Physical Systems

Hybrid System Falsification and Reinforcement Learning Formal Method for Cyber-Physical Systems

Hybrid System Falsification and Reinforcement Learning Formal Method for Cyber-Physical Systems Clovis Eberhart David Sprunger National Institute of Technology, Japan SOKENDAI lesson, July 1, 8, and 22 1 / 31 Quick reminder Falsification:

405 views • 36 slides
Simplified Approach for Representing Part-Whole Relations in OWL-DL Ontologies A.Aziz Altowayan

Simplified Approach for Representing Part-Whole Relations in OWL-DL Ontologies A.Aziz Altowayan

Simplified Approach for Representing Part-Whole Relations in OWL-DL Ontologies A.Aziz Altowayan and Lixin Tao Pace University IEEE BigDataSecurity, 2015 Aug. 24, 2015 Ontology and Knowledge Representation Representation Problem in OWL

544 views • 27 slides
Expressivity Analysis for PL-Languages Manfred Jaeger Kristian Kersing, Luc De Raedt Aalborg

Expressivity Analysis for PL-Languages Manfred Jaeger Kristian Kersing, Luc De Raedt Aalborg

Expressivity Analysis for PL-Languages Manfred Jaeger Kristian Kersing, Luc De Raedt Aalborg University Freiburg University . 1/10 Semantics-based Expressivity Analysis The Problem Alphabet soup (L.Getoor): Prism, SLP , RBN, PRM,

380 views • 10 slides
Motivation SMT Theories of Interest History of SMT Eager approach Lazy approach Optimizations

Motivation SMT Theories of Interest History of SMT Eager approach Lazy approach Optimizations

SMT Theory and DPLL( T ) Albert Oliveras Technical University of Catalonia (BarcelonaTech) Third International SAT/SMT Solver Summer School 2013 Aalto University, Finland July 4th, 2013 SMT Theory and DPLL( T ) p. 1 Overview of the talk

1.43k views • 112 slides
Parallel Programming Must Be Deterministic by Default Robert Bocchino , Vikram Adve, Sarita Adve,

Parallel Programming Must Be Deterministic by Default Robert Bocchino , Vikram Adve, Sarita Adve,

Parallel Programming Must Be Deterministic by Default Robert Bocchino , Vikram Adve, Sarita Adve, and Marc Snir University of Illinois at Urbana-Champaign http://dpj.cs.uiuc.edu/ Parallel Programming Is Too Hard Too many nondeterministic

260 views • 22 slides
A survey on SNARKs Carla R` afols Elliptic Curve Cryptography, Bochum, December 3rd Carla R`

A survey on SNARKs Carla R` afols Elliptic Curve Cryptography, Bochum, December 3rd Carla R`

A survey on SNARKs Carla R` afols Elliptic Curve Cryptography, Bochum, December 3rd Carla R` afols ZKProofs Elliptic Curve Cryptography, Bochum, December 3rd What are ZK Proofs? 2 5 1 9 4 2 6 5 7 1 3 9 8 8 2 3 6 8 5 7 2

899 views • 49 slides
Human-Computer Partnerships Wendy E. Mackay Inria, Universit Paris-Saclay 11 October 2018 What

Human-Computer Partnerships Wendy E. Mackay Inria, Universit Paris-Saclay 11 October 2018 What

ECCS Human-Computer Partnerships Wendy E. Mackay Inria, Universit Paris-Saclay 11 October 2018 What kind of partnership ? Take a taxi Driver in control What kind of partnership ? Take a taxi Driver in control Drive a

920 views • 68 slides
Quantifier Elimination Assia Mahboubi Syntax of first order formulae Terms T on a signature

Quantifier Elimination Assia Mahboubi Syntax of first order formulae Terms T on a signature

Quantifier Elimination Assia Mahboubi Syntax of first order formulae Terms T on a signature and a set X of variables are: Syntax of first order formulae Terms T on a signature and a set X of variables are: Variables: x X

847 views • 67 slides

More recommend