The Workshop on Privacy Threat Modeling brings together researchers, practitioners, government representatives, and industry specialists to collaborate on the topic of privacy threats. While aspects of privacy risk modeling are relatively well-developed, such as constructions of privacy harms (Solove’s Taxonomy of Privacy and Calo’s subjective/objective privacy harms for instance), there has been insufficient discussion around approaches to modeling privacy threats, broadly construed. A holistic approach to representing privacy threats could inform privacy risk models and provide a common lexicon to accelerate conversations in the privacy community.
We will explore how the community defines a privacy threat, incident, breach, or attack and the bounds of each term. We aim to develop better ways of creating datasets of privacy threats which can be used to generate threat models and better understand the privacy threat environment. We will discuss methods of categorizing and describing privacy threats using taxonomies and other ontological structures, as well as research and implementation challenges in this space.
The workshop will include an informative component and a collaborative component. In the informative component, two presentations describing qualitative privacy threat models will be followed by perspectives on the nature and practice of privacy threat modeling. The collaborative component will discuss issues related to the development and operationalization of privacy threat taxonomies.
Topics of interest include:
See Proceedings to view all submitted position papers.
July 18, 2022 – SOUPS early registration and Workshop submission deadline
August 7-9, 2022 – The Symposium on Usable Privacy and Security