PTMOL: A Privacy Threat Modeling Language for Online Social Networks

Abstract


Online Social Networks (OSNs) have become one of the main technological phenomena on the Web, gaining significant popularity among users. With the growing global expansion of OSN services, people have begun to dedicate time and effort to maintaining and manipulating their online identities in these systems. However, the processing of personal data through these networks has exposed users to various types of privacy threats. Consequently, new solutions need to be developed to address the threat scenarios to which users are potentially exposed. In this context, this work proposes PTMOL (Privacy Threat Modeling Language), a language for modeling privacy threats in OSNs. Through a systematic mapping of the literature, it was possible to identify and analyze the main gaps not covered by current solutions. From this mapping, a new solution was developed, refined, and adapted to the context of privacy in OSNs. The proposed language aims to support the early identification of threats to which a user may be exposed and to determine what privacy controls an OSN needs to implement to mitigate the effects and consequences of these threats. The language was evaluated through a set of empirical studies that confirmed the proposal’s validity and reliability. The results of these studies indicate that the use of PTMOL is potentially useful for identifying real privacy threats due to its exploratory and reflective nature. Therefore, PTMOL can be incorporated into the development of OSNs at the design level and can help designers and software engineers introduce threat modeling into their projects without requiring a high level of expertise in the area of privacy.

Keywords: Online Social Network (OSN), Privacy Threats, Threat Modeling, Privacy Threat Modeling, Modeling Language, Empirical Study

Published
07/11/2024
RODRIGUES, Andrey Antonio de Oliveira; VILLELA, Maria Lúcia Bento; FEITOSA, Eduardo Luzeiro. PTMOL: A Privacy Threat Modeling Language for Online Social Networks. In: SIMPÓSIO BRASILEIRO SOBRE FATORES HUMANOS EM SISTEMAS COMPUTACIONAIS (IHC), 23., 2024, Brasília/DF. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2024. p. 515-528.