Exploring how experienced and unexperienced professionals use a privacy threat modeling methodology
Main author: | Rodrigues, Andrey |
---|---|
Publication date: | 2023 |
Other authors: | Villela, Maria Lúcia; Feitosa, Eduardo |
Document type: | Article |
Language: | eng |
Source title: | Journal on Interactive Systems |
Full text: | https://sol.sbc.org.br/journals/index.php/jis/article/view/3235 |
Abstract: | Online Social Networks (OSNs) have become one of the principal technological phenomena of the Web, gaining an eminent popularity among its users. With the growing worldwide expansion of OSN services, people have devoted time and effort to maintaining and manipulating their online identity on these systems. However, the processing of personal data through these networks has exposed users to various privacy threats. Consequently, new solutions need to be developed for addressing the threat scenarios to which a user is potentially exposed. In this sense, this paper proposes PTMOL (Privacy Threat MOdeling Language), an approach for modeling privacy threats in the OSN domain. The proposed language aims to support the capture, organization and analysis of specific privacy threats that a user is exposed to when sharing assets in a social application, also enabling the definition of countermeasures to prevent or mitigate the effects of threat scenarios. The first language version has undergone a preliminary empirical study that identified its validity as a modeling language. The results indicate that the use of the language is potentially useful for identifying real privacy threats due to its exploratory and reflexive nature. We expect to contribute to support designers in making more preemptive decisions about user privacy risk, helping them to introduce privacy early in the development cycle of social applications. |
id | SBC-3_86e42a4df14bcb3fa0807b5eaae13337 |
---|---|
oai_identifier_str | oai:ojs2.sol.sbc.org.br:article/3235 |
network_acronym_str | SBC-3 |
network_name_str | Journal on Interactive Systems |
repository_id_str | |
author | Rodrigues, Andrey |
author_facet | Rodrigues, Andrey; Villela, Maria Lúcia; Feitosa, Eduardo |
author_role | author |
author2 | Villela, Maria Lúcia; Feitosa, Eduardo |
author2_role | author; author |
dc.contributor.author.fl_str_mv | Rodrigues, Andrey; Villela, Maria Lúcia; Feitosa, Eduardo |
dc.subject.por.fl_str_mv | Threat Modeling; Privacy Threat; Online Social Network; Empirical Study |
topic | Threat Modeling; Privacy Threat; Online Social Network; Empirical Study |
publishDate | 2023 |
dc.date.none.fl_str_mv | 2023-07-29 |
dc.type.driver.fl_str_mv | info:eu-repo/semantics/article info:eu-repo/semantics/publishedVersion |
format | article |
status_str | publishedVersion |
dc.identifier.uri.fl_str_mv | https://sol.sbc.org.br/journals/index.php/jis/article/view/3235 10.5753/jis.2023.3235 |
url | https://sol.sbc.org.br/journals/index.php/jis/article/view/3235 |
identifier_str_mv | 10.5753/jis.2023.3235 |
dc.language.iso.fl_str_mv | eng |
language | eng |
dc.relation.none.fl_str_mv | https://sol.sbc.org.br/journals/index.php/jis/article/view/3235/2301 |
dc.rights.driver.fl_str_mv | Copyright (c) 2023 Andrey Rodrigues, Maria Lúcia Villela, Eduardo Feitosa http://creativecommons.org/licenses/by/4.0 info:eu-repo/semantics/openAccess |
rights_invalid_str_mv | Copyright (c) 2023 Andrey Rodrigues, Maria Lúcia Villela, Eduardo Feitosa http://creativecommons.org/licenses/by/4.0 |
eu_rights_str_mv | openAccess |
dc.format.none.fl_str_mv | application/pdf |
dc.publisher.none.fl_str_mv | Brazilian Computer Society |
publisher.none.fl_str_mv | Brazilian Computer Society |
dc.source.none.fl_str_mv | Journal of Interactive Systems; v. 14 n. 1 (2023); 274-291 Journal on Interactive Systems; Vol. 14 No. 1 (2023); 274-291 2763-7719 10.5753/jis.2023 reponame:Journal on Interactive Systems instname:Sociedade Brasileira de Computação (SBC) instacron:SBC |
instname_str | Sociedade Brasileira de Computação (SBC) |
instacron_str | SBC |
institution | SBC |
reponame_str | Journal on Interactive Systems |
collection | Journal on Interactive Systems |
repository.name.fl_str_mv | Journal on Interactive Systems - Sociedade Brasileira de Computação (SBC) |
repository.mail.fl_str_mv | jis@sbc.org.br |
_version_ | 1796797411491840000 |