par Dimova, Yana;Kode, Mrunmayee;Kalantari, Shirin;Wuyts, Kim;Joosen, Wouter;Mühlberg, Jan Tobias 
Référence CCS '23: ACM SIGSAC Conference on Computer and Communications Security(26 November 2023: Copenhagen Denmark), WPES '23: Proceedings of the 22nd Workshop on Privacy in the Electronic Society, Association for Computing Machinery, New York, page (17-29)
Publication Publié, 2023
Référence CCS '23: ACM SIGSAC Conference on Computer and Communications Security(26 November 2023: Copenhagen Denmark), WPES '23: Proceedings of the 22nd Workshop on Privacy in the Electronic Society, Association for Computing Machinery, New York, page (17-29)
Publication Publié, 2023
Publication dans des actes
| Résumé : | Privacy threat modeling is a systematic approach to assess potential privacy risks which are a consequence of a given system design. Eliciting privacy threats requires a detailed understanding of system components and the ways in which these components interact. This makes it hard to impossible for any user, e.g., parties who interact with the system but do not possess knowledge about the inner workings of that system, to meaningfully engage in threat modeling and risk assessment. We explore an approach to address this problem by relying on information from a system's publicly available privacy policies to derive system models and apply threat modeling analyses. We chose the WhatsApp instant messaging system as a case study for privacy threat modeling from the perspective of a "regular" user. We apply the LINDDUN GO methodology and evaluate how threats evolved with time in two significant territorial areas, the European Union and India. Our study illustrates the impact of regulations and court cases and our approach may aid practitioners without inside knowledge to make informed choices regarding privacy risks when adopting third-party services. |
