Unraveling Privacy Threat Modeling Complexity: Conceptual Privacy Analysis Layers

Abstract

Analyzing privacy threats in software products is an essential part of software development to ensure systems are privacy-respecting; yet it is still a far from trivial activity. While there have been many advancements in the past decade, they tend to focus on describing 'what' the threats are. What isn't entirely clear yet is 'how' to actually find these threats. Privacy is a complex domain. We propose to use four conceptual layers (feature, ecosystem, business context, and environment) to capture this privacy complexity. These layers can be used as a frame to structure and specify the privacy analysis support in a more tangible and actionable way, thereby improving applicability of the analysis process.