BYU logo Computer Science
CS 465 Introduction to Security and Privacy

Privacy threat modeling

Objectives

In addition to thinking carefully about security threats, businesses need to thinks carefully about privacy threats. This project is intended to help you learn how a company might perform privacy threat modeling.

Requirements

For this project, you will use the LINDDUN GO privacy threat modeling framework. This method uses a set of cards to help you think through the process and elicit potential threats. The instructions describe a process where you use the cards to elicit a set of realistic privacy threats, based on a sketch of a company’s system. However, we will just have you use the cards to provide you with a list of a wide variety of privacy threats.

  1. Examine the cards to familiarize yourself with privacy threats. The card deck starts with some instructions. Then, on pages 5—18 you will see a set of cards displaying threat types. Finally, starting on page 19 you will see cards for individual threats, each with a threat number at the bottom left, e.g. L1. The last threat is the card on page 83. Each threat card corresponds to one of the types covered at the front of the deck.

  2. Choose a company thta stores data about people. Ideally you will have some familiarity about the type of data this company stores.

  3. Using the list of cards, identify a set of threats you think are realistic for this company’s system.

  4. Write a 2 page report describing potential privacy threats for the company. The report should start with a description of the company and the types of data they store. Then discuss the potential threats. For each threat, identify (a) the threat type, (b) the relevant threat card, (c) a detailed description of the threat, and (d) your estimate of the severity of the threat (Low, Medium, High).

Notice that this is similar to security threat modeling, answering questions such as What does the company do? and What can go wrong?. You will not cover mitigations or evaluating the effectiveness of the mitigations.

You can also see an overview of privacy threat types and some examples.

Submission

List the full name of all group members in your report. Have one group member submit a PDF with your group’s report. We will give identical grades to all group members.