Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Conference contribution/Paper › peer-review
Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Conference contribution/Paper › peer-review
}
TY - GEN
T1 - Privacy-by-design based on quantitative threat modeling
AU - Luna, J.
AU - Suri, Neeraj
AU - Krontiris, I.
PY - 2012/10/10
Y1 - 2012/10/10
N2 - While the general concept of "Privacy-by-Design (PbD)" is increasingly a popular one, there is considerable paucity of either rigorous or quantitative underpinnings supporting PbD. Drawing upon privacy-aware modeling techniques, this paper proposes a quantitative threat modeling methodology (QTMM) that can be used to draw objective conclusions about different privacy-related attacks that might compromise a service. The proposed QTMM has been empirically validated in the context of the EU project ABC4Trust, where the end-users actually elicited security and privacy requirements of the so-called privacy-Attribute Based Credentials (privacy-ABCs) in a real-world scenario. Our overall objective, is to provide architects of privacy-respecting systems with a set of quantitative and automated tools to help decide across functional system requirements and the corresponding trade-offs (security, privacy and economic), that should be taken into account before the actual deployment of their services. © 2012 IEEE.
AB - While the general concept of "Privacy-by-Design (PbD)" is increasingly a popular one, there is considerable paucity of either rigorous or quantitative underpinnings supporting PbD. Drawing upon privacy-aware modeling techniques, this paper proposes a quantitative threat modeling methodology (QTMM) that can be used to draw objective conclusions about different privacy-related attacks that might compromise a service. The proposed QTMM has been empirically validated in the context of the EU project ABC4Trust, where the end-users actually elicited security and privacy requirements of the so-called privacy-Attribute Based Credentials (privacy-ABCs) in a real-world scenario. Our overall objective, is to provide architects of privacy-respecting systems with a set of quantitative and automated tools to help decide across functional system requirements and the corresponding trade-offs (security, privacy and economic), that should be taken into account before the actual deployment of their services. © 2012 IEEE.
KW - Automated tools
KW - End-users
KW - Functional systems
KW - Modeling technique
KW - Real-world scenario
KW - Security and privacy
KW - Threat modeling
KW - Computer privacy
KW - Internet
KW - Security of data
U2 - 10.1109/CRISIS.2012.6378941
DO - 10.1109/CRISIS.2012.6378941
M3 - Conference contribution/Paper
SN - 9781467330879
BT - 2012 7th International Conference on Risks and Security of Internet and Systems (CRiSIS)
PB - IEEE
ER -