Privacy-by-design based on quantitative threat modeling

7th International Conference on Risks and Security of Internet and Systems, CRiSIS 2012

Volumn , Issue , 2012, Pages

  Luna, Jesus ^a   Suri, Neeraj ^a   Krontiris, Ioannis ^b  

^a DARMSTADT UNIVERSITY OF TECHNOLOGY   (Germany)

^b GOETHE UNIVERSITY   (Germany)

Author keywords

[No Author keywords available]

Indexed keywords

AUTOMATED TOOLS; END-USERS; FUNCTIONAL SYSTEMS; MODELING TECHNIQUE; REAL-WORLD SCENARIO; SECURITY AND PRIVACY; THREAT MODELING;

COMPUTER PRIVACY; INTERNET;

SECURITY OF DATA;

EID: 84872081272     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/CRISIS.2012.6378941     Document Type: Conference Paper

References (25)

1. European Commission, "A Digital Agenda for Europe," COM(2010) 245 final/2., EC, Tech. Rep., 2011.
2. Cavoukian, A., "Privacy by Design: The 7 Foundational Principles," Online: https://www.privacyassociation.org/, 2010.
3. ABC4Trust, "EU FP7 - ABC4Trust project: Attribute-based Credentials for Trust," Online: http://www.abc4trust.eu/, 2011.
4. Chaum D., "Security without identification: transaction systems to make big brother obsolete," CACM, vol. 28, no. 10, pp. 1030-1044, 1985.
5. Housley R., et.al., "Internet X.509 Public Key Infrastructure: Certificate and Certificate Revocation List (CRL) Profile," IETF, Tech. Rep. RFC-3280, 2002.
6. Zwingelberg H. and Hansen M., "Privacy Protection Goals and their implications for eID systems," in Proc. of the IFIP International Summer School, 2011.
7. Swiderski F. and Snyder W., Book: Threat Modeling. Microsoft Press, 2004.
8. Bruza P. and van der Weide T., "The semantics of data flow diagrams," in Proc. of the International Conference on Management of Data. McGraw-Hill, 1993, pp. 66 - 78.
9. European Commission, "General Data Protection Regulation," EC, Tech. Rep. COM(2012) 11 final, 2012.
10. Schneier B., "Attack trees," Dr Dobb's, vol. 24, no. 12, 1999. [Online]. Available: http://www.schneier.com/paper-attacktrees-ddj-ft.html
11. Deng M., et.al., "A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements," Requirements Engineering, vol. 16, pp. 3 - 32, 2011.
12. Sindre G. and Opdahl A., "Capturing security requirements through misuse cases," in Proc. of the Norsk informatikkonferanse, 2001, pp. 219 - 230.
13. Department of Homeland Security, "Attack Patterns," Online: https://buildsecurityin.us-cert.gov/, 2009.
14. Braber F., et.al., "Model-based security analysis in seven steps - a guided tour to the CORAS method," BT Technology Journal, vol. 25, no. 1, pp. 101 - 117, 2007.
15. Krontiris I. (ed.), "Architecture for Attribute-based Credential Technologies - Version 1," ABC4Trust Deliverable D2.1, Tech. Rep., 2011.
16. Miyazaki S., et.al., "Computer-aided privacy requirements elicitation technique," in Proc. of the IEEE Asia-Pacific Services Computing Conference, 2008, pp. 367 - 372.
17. Trabelsi S., et.al., "Data disclosure risk evaluation," in Proc. of the Fourth International Conference on Risks and Security of Internet and Systems, 2009, pp. 35 - 72.
18. Dandan R., et.al., "A Novel Attack Tree Based Risk Assessment Approach for Location Privacy Preservation in the VANETs," in Proc. of the IEEE Intl. Conference on Communications, 2011, pp. 1-5.
19. Yue C., et.al., "Value driven security threat modeling based on attack path analysis," in Proc. of the IEEE Annual Hawaii International Conference on System Sciences, 2007.
20. Alberts C. and Dorofee A., Book: Managing Information Security Risks: the OCTAVE approach. Addison-Wesley, 2002.
21. Karabacak B. and Sogukpinar I., "ISRAM: information security risk analysis method," Computers and Security, vol. 24, no. 2, pp. 147 - 159, 2005.
22. Weldemariam K. and Villafiorita A., "Formal procedural security modeling and analysis," in Proc. of the Third International Conference on Risks and Security of Internet and Systems, 2008, pp. 249 - 254.
23. Weldemariam K., et.al., "Formal analysis of attacks for e-voting system," in Proc. of the Fourth International Conference on Risks and Security of Internet and Systems, 2009, pp. 26 - 34.
24. Hartog T. and Kleinhuis G., "Security analysis of the dependability, security reconfigurability framework," in Proc. of the Third Intl. Conference on Risks and Security of Internet and Systems, 2008, pp. 93-100.
25. SHIELDS, "EU FP 7 - SHIELDS project: Detecting known security vulnerabilities from within design and development tools," Online: http://www.shields-project.eu/, 2010.