Privacy Threat MOdeling Language

Andrey Rodrigues,Eduardo Luzeiro Feitosa,Maria Lúcia Bento Villela

doi:10.1109/access.2023.3255548

Andrey Rodrigues, Eduardo Luzeiro Feitosa + Show 1 more

Open Access

https://doi.org/10.1109/access.2023.3255548

Copy DOI

Abstract

Online Social Networks (OSNs) are becoming pervasive in today’s world. Millions of people worldwide are involved in different forms of online networking. However, this ease of use of OSNs comes with a cost in terms of privacy. Users of OSNs become victims of identity theft, cyberstalking, and information leakage, which are real threats to privacy. Consequently, new solutions need to be developed for addressing the threat scenarios to which a user is potentially exposed. In this sense, this paper presents PTMOL (Privacy Threat MOdeling Language) as an approach for modeling privacy threats in an OSN domain. The proposed language is related to the attempt to mitigate privacy threats at the design level, thus promoting concern about threats in the stages preceding the development of OSNs. Two studies were conducted to evaluate the use of PTMOL at the design stages, which provided insights into the correctness, completeness, ease of use, usefulness, user satisfaction, and feasibility of the proposal. The results indicated that PTMOL can be incorporated into software development during the design phase. Via the language, we expect to support designers in making more pre-emptive decisions about user privacy risk, and help them to introduce privacy early in the development cycle of OSNs.

Full Text