Threat modelling is the process of identifying potential vulnerabilities in a system and prioritising them. Existing threat modelling tools focus primarily on technical systems and are not as well suited to interpersonal threats. In this paper, we discuss traditional threat modelling methods and their shortcomings, and propose a new threat modelling framework (HARMS) to identify non-technical and human-factors harms. We also present a case study applying HARMS to IoT devices such as smart speakers with virtual assistants.