Jayati Dev, Comcast Cable
A pillar of Privacy by Design is proactive design that anticipates threats. Typically, developers become aware of privacy threats to their applications through threat modeling. This often happens at the later stages of product development. It is also very resource intensive and requires significant expertise. Consequently, by the time threat modelers find threats, mitigations are pushed to post-production and in most cases development teams must make changes causing significant frictions in the product delivery process. In this talk, we present a systematic privacy threat modeling framework called Models of Applied Privacy (MAP) that helps developers discover and report threats early. MAP utilizes established frameworks to outline relevant threat actors, associated threats, and the resulting harm. We discuss the practical implementation of MAP as a persona picker product owners can use for identifying privacy requirements, conveying them to developers, and planning remediation. Further, we show that MAP can classify real-world privacy incidents.
Contributors: Bahman Rashidi, Vaibhav Garg, Nishanth Ganeshsankar, Dinesh Prakash
Jayati Dev, Comcast Cable
Jayati Dev is a Privacy Engineer in the SPIDER security research team at Comcast. She works on developing frameworks, tools, and processes for threat management. She holds a PhD in Security Informatics from Indiana University Bloomington where she worked in human-centered privacy design for conversational platforms.
author = {Jayati Dev},
title = {Putting Privacy on the Map},
year = {2023},
address = {Santa Clara, CA},
publisher = {USENIX Association},
month = sep
}