Title :
Privacy-by-design based on quantitative threat modeling
Author :
Luna, Jesus ; Suri, Neeraj ; Krontiris, Ioannis
Author_Institution :
Dept. of Comput. Sci., Tech. Univ. Darmstadt, Darmstadt, Germany
Abstract :
While the general concept of “Privacy-by-Design (PbD)” is increasingly a popular one, there is considerable paucity of either rigorous or quantitative underpinnings supporting PbD. Drawing upon privacy-aware modeling techniques, this paper proposes a quantitative threat modeling methodology (QTMM) that can be used to draw objective conclusions about different privacy-related attacks that might compromise a service. The proposed QTMM has been empirically validated in the context of the EU project ABC4Trust, where the end-users actually elicited security and privacy requirements of the so-called privacy-Attribute Based Credentials (privacy-ABCs) in a real-world scenario. Our overall objective, is to provide architects of privacy-respecting systems with a set of quantitative and automated tools to help decide across functional system requirements and the corresponding trade-offs (security, privacy and economic), that should be taken into account before the actual deployment of their services.
Keywords :
computer crime; data privacy; software engineering; EU project ABC4Trust; PbD; QTMM; objective conclusions; privacy requirements; privacy-ABC; privacy-attribute-based credentials; privacy-aware modeling techniques; privacy-by-design; privacy-related attacks; privacy-respecting systems; quantitative threat modeling methodology; real-world scenario; security requirements; Data processing; Educational institutions; Portals; Positron emission tomography; Privacy; Security; Software;
Conference_Titel :
Risk and Security of Internet and Systems (CRiSIS), 2012 7th International Conference on
Conference_Location :
Cork
Print_ISBN :
978-1-4673-3087-9
Electronic_ISBN :
978-1-4673-3088-6
DOI :
10.1109/CRISIS.2012.6378941
