A descriptive study of assumptions made in LINDDUN privacy threat elicitation
Dimitri Van Landuyt, Wouter Joosen
Abstract
Threat modeling is widely adopted and increasingly recognized as an essential step in the secure software development life cycle (SDLC). Focused on privacy-specific threat categories, LINDDUN is a threat modeling framework that allows the identification of privacy-related design flaws at the stage of the initial architecture concept. LINDDUN advocates making explicit any assumptions during the identification and prioritization of privacy threats. These assumptions are in practice documented informally in a free-form, textual format, and the impact, nature and purpose of these assumptions within the context of LINDDUN is not well understood.
Topics & Concepts
Computer sciencePrioritizationIdentification (biology)Threat modelContext (archaeology)Systems development life cycleComputer securityInformation privacyInternet privacySoftwareSoftware development processProcess managementSoftware developmentEngineeringBotanyBiologyPaleontologyProgramming languageInformation and Cyber SecurityAdvanced Malware Detection TechniquesSoftware Engineering Research