PTMF：一种面向物联网的隐私威胁建模框架及其专家驱动的威胁传播分析 (PTMF: A Privacy Threat Modeling Framework for IoT with Expert-Driven Threat Propagation Analysis)

Previous studies on PTA have focused on analyzing privacy threats based on the potential areas of occurrence and their likelihood of occurrence. However, an in-depth understanding of the threat actors involved, their actions, and the intentions that result in privacy threats is essential. In this paper, we present a novel Privacy Threat Model Framework (PTMF) that analyzes privacy threats through different phases. The PTMF development is motivated through the selected tactics from the MITRE ATT\&CK framework and techniques from the LINDDUN privacy threat model, making PTMF a privacy-centered framework. The proposed PTMF can be employed in various ways, including analyzing the activities of threat actors during privacy threats and assessing privacy risks in IoT systems, among others. In this paper, we conducted a user study on 12 privacy threats associated with IoT by developing a questionnaire based on PTMF and recruited experts from both industry and academia in the fields of security and privacy to gather their opinions. The collected data were analyzed and mapped to identify the threat actors involved in the identification of IoT users (IU) and the remaining 11 privacy threats. Our observation revealed the top three threat actors and the critical paths they used during the IU privacy threat, as well as the remaining 11 privacy threats. This study could provide a solid foundation for understanding how and where privacy measures can be proactively and effectively deployed in IoT systems to mitigate privacy threats based on the activities and intentions of threat actors within these systems.

翻译：先前关于隐私威胁分析（PTA）的研究主要集中于基于潜在发生区域及其发生可能性来分析隐私威胁。然而，深入理解所涉及的威胁行为者、其行动以及导致隐私威胁的意图至关重要。本文提出了一种新颖的隐私威胁模型框架（PTMF），该框架通过不同阶段分析隐私威胁。PTMF的开发借鉴了MITRE ATT&CK框架中的选定战术以及LINDDUN隐私威胁模型中的技术，使得PTMF成为一个以隐私为中心的框架。所提出的PTMF可以多种方式应用，包括分析隐私威胁期间威胁行为者的活动、评估物联网系统中的隐私风险等。在本文中，我们基于PTMF开发了一份问卷，对与物联网相关的12种隐私威胁进行了用户研究，并招募了来自工业界和学术界的隐私与安全领域专家以收集他们的意见。通过分析并映射收集到的数据，我们识别了参与物联网用户识别（IU）以及其余11种隐私威胁的威胁行为者。我们的观察揭示了在IU隐私威胁以及其余11种隐私威胁中，排名前三的威胁行为者及其所使用的关键路径。这项研究为理解如何以及在哪里可以主动且有效地在物联网系统中部署隐私措施以减轻隐私威胁，提供了坚实的基础，这些措施基于威胁行为者在系统内的活动和意图。

相关内容

MoDELS

关注 45

ACM/IEEE第23届模型驱动工程语言和系统国际会议，是模型驱动软件和系统工程的首要会议系列，由ACM-SIGSOFT和IEEE-TCSE支持组织。自1998年以来，模型涵盖了建模的各个方面，从语言和方法到工具和应用程序。模特的参加者来自不同的背景，包括研究人员、学者、工程师和工业专业人士。MODELS 2019是一个论坛，参与者可以围绕建模和模型驱动的软件和系统交流前沿研究成果和创新实践经验。今年的版本将为建模社区提供进一步推进建模基础的机会，并在网络物理系统、嵌入式系统、社会技术系统、云计算、大数据、机器学习、安全、开源等新兴领域提出建模的创新应用以及可持续性。官网链接：http://www.modelsconference.org/

O’Reilly报告：知识图谱崛起——面向现代数据集成和数据结构体系，“The Rise of the Knowledge Graph——Toward Modern Data Integration and the Data Fabric Architecture”

专知会员服务

49+阅读 · 2022年2月18日

生成性对抗网络:理论模型、评估指标和最近发展的概述，Generative Adversarial Networks (GANs): An Overview of Theoretical Model, Evaluation Metrics, and Recent Developments

专知会员服务

42+阅读 · 2020年5月30日

FlowQA: Grasping Flow in History for Conversational Machine Comprehension

专知会员服务

34+阅读 · 2019年10月18日

Auto-Sizing the Transformer Network: Improving Speed, Efficiency, and Performance for Low-Resource Machine Translation

专知会员服务

50+阅读 · 2019年10月17日