The Workshop on Privacy Threat Modeling (WPTM)

Sunday, August 7th, 2022 | 1:30-5PM | In-person attendance

The Workshop on Privacy Threat Modeling brings together researchers, practitioners, government representatives, and industry specialists to collaborate on the topic of privacy threats. While some aspects of privacy risk modeling are relatively well developed, such as constructions of privacy harms (for instance, Solove’s Taxonomy of Privacy and Calo’s subjective/objective privacy harms), there has been insufficient discussion around approaches to modeling privacy threats, broadly construed. A holistic approach to representing privacy threats could inform privacy risk models and provide a common lexicon to accelerate conversations in the privacy community.

We will explore how the community defines a privacy threat, incident, breach, or attack and the bounds of each term. We aim to develop better ways of creating datasets of privacy threats which can be used to generate threat models and better understand the privacy threat environment. We will discuss methods of categorizing and describing privacy threats using taxonomies and other ontological structures, as well as research and implementation challenges in this space.

The workshop will include an informative component and a collaborative component. In the informative component, two presentations describing qualitative privacy threat models will be followed by perspectives on the nature and practice of privacy threat modeling. The collaborative component will discuss issues related to the development and operationalization of privacy threat taxonomies.

Topics of interest include:

  • Definitions of a privacy incident, attack, threat, and breach
  • Differences and similarities between privacy and cybersecurity threats
  • Distinctions between privacy threats, privacy harms, and privacy vulnerabilities
  • Identifying and building datasets of privacy incidents, attacks, threats, and breaches
  • Describing or categorizing privacy threats, including taxonomies or ontologies for privacy incidents, attacks, threats, and breaches
  • Applicability and limitations of security threat modeling techniques for privacy
  • Integration of threat models in risk models and risk management
  • Role of risk modeling in privacy risk management
  • Privacy threat-informed defense
  • Qualitative versus quantitative threat modeling
  • Privacy threat case studies

See Proceedings to view all submitted position papers.

Important Dates

July 18, 2022 – SOUPS early registration and Workshop submission deadline

August 7-9, 2022 – The Symposium on Usable Privacy and Security