Exploring how experienced and unexperienced professionals use a privacy threat modeling methodology





Threat Modeling, Privacy Threat, Online Social Network, Empirical Study


Online Social Networks (OSNs) have become one of the principal technological phenomena of the Web, gaining an eminent popularity among its users. With the growing worldwide expansion of OSN services, people have devoted time and effort to maintaining and manipulating their online identity on these systems. However, the processing of personal data through these networks has exposed users to various privacy threats. Consequently, new solutions need to be developed for addressing the threat scenarios to which a user is potentially exposed. In this sense, this paper proposes PTMOL (Privacy Threat MOdeling Language), an approach for modeling privacy threats in OSN domain. The proposed language aims to support the capture, organization and analysis of specific privacy threats that a user is exposed to when sharing assets in a social application, also enabling the definition of countermeasures to prevent or mitigate the effects of threat scenarios. The first language version has undergone a preliminary empirical study that identified its validity as a modeling language. The results indicate that the use of the language is potentially useful for identifying real privacy threats due to its exploratory and reflexive nature. We expect to contribute to support designers in making more preemptive decisions about user privacy risk, helping them to introduce privacy early in the development cycle of social applications.


Download data is not yet available.


Abawajy, J. H., Ninggal, M. I. H., and Herawan, T. (2016). Privacy preserving social network data publication. IEEE communications surveys & tutorials, 18(3):1974–1997.

Abid, Y., Imine, A., and Rusinowitch, M. (2018). Online testing of user profile resilience against inference attacks in social networks. In European Conference on Advances in Databases and Information Systems, pages 105–117. Springer.

Aktypi, A., Nurse, J., and Goldsmith, M. (2017). Unwinding ariadne’s identity thread: Privacy risks with fitness trackers and online social networks. volume 2017-January, pages 1–11.

Al-Asmari, H. and Saleh, M. (2019). A conceptual framework for measuring personal privacy risks in facebook on-line social network.

Ali, S., Islam, N., Rauf, A., Din, I. U., Guizani, M., and Rodrigues, J. J. (2018). Privacy and security issues in online social networks. Future Internet, 10(12):114.

Ali, S., Rauf, A., Islam, N., and Farman, H. (2019). A framework for secure and privacy protected collaborative contents sharing using public osn. Cluster Computing, 22:7275–7286.

Altman, I. (1975). The environment and social behavior: Privacy, personal space, territory, and crowding.

Basili, V. R. (1996). The role of experimentation in software engineering: past, current, and future. In Proceedings of IEEE 18th International Conference on Software Engineering, pages 442–449. IEEE.

Bioglio, L., Capecchi, S., Peiretti, F., Sayed, D., Torasso, A., and Pensa, R. (2019). A social network simulation game to raise awareness of privacy among school children. IEEE Transactions on Learning Technologies, 12(4):456–469.

Casas, I., Hurtado, J., and Zhu, X. (2015). Social network privacy: Issues and measurement. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 9419:488–502.

Cavoukian, A. et al. (2009). Privacy by design: The 7 foundational principles. Information and privacy commissioner of Ontario, Canada, 5:12.

Davies, H. (2015). Ted cruz using firm that harvested data on millions of unwitting facebook users. the Guardian, 11:2015.

De, S. and Imine, A. (2018a). Privacy scoring of social network user profiles through risk analysis. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 10694 LNCS:227–243.

De, S. and Imine, A. (2018b). To reveal or not to reveal: Balancing user-centric social benefit and privacy in online social networks. pages 1157–1164.

Derlega, V. J. and Chaikin, A. L. (1977). Privacy and self-disclosure in social relationships. Journal of Social Issues, 33(3):102–115.

Dong, C. and Zhou, B. (2016). Privacy inference analysis on event-based social networks. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 10047 LNCS:421–438.

Fernandez, A., Abrahão, S., Insfran, E., and Matera, M. (2012). Further analysis on the validation of a usability inspection method for model-driven web development. In Proceedings of the ACM-IEEE international symposium on Empirical software engineering and measurement, pages 153–156.

Fogues, R., Such, J., Espinosa, A., and Garcia-Fornes, A. (2015). Open challenges in relationship-based privacy mechanisms for social network services. International Journal of Human-Computer Interaction, 31(5):350–370.

Jaafor, O. and Birregah, B. (2015). Multi-layered graph-based model for social engineering vulnerability assessment. In 2015 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM), pages 1480–1488. IEEE.

Joyee De, S. and Imine, A. (2019). On consent in online social networks: Privacy impacts and research directions (short paper). Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 11391 LNCS:128–135.

Kagan, D., Alpert, G. F., and Fire, M. (2020). Zooming into video conferencing privacy and security threats. arXiv preprint arXiv:2007.01059.

Kavianpour, S., Ismail, Z., and Mohtasebi, A. (2011). Effectiveness of using integrated algorithm in preserving privacy of social network sites users. Communications in Computer and Information Science, 167 CCIS(PART 2):237–249.

Khan, R., McLaughlin, K., Laverty, D., and Sezer, S. (2017). Stride-based threat modeling for cyber-physical systems. In 2017 IEEE PES Innovative Smart Grid Technologies Conference Europe (ISGT-Europe), pages 1–6. IEEE.

Kim, K. H., Kim, K., and Kim, H. K. (2021). Stride-based threat modeling and dread evaluation for the distributed control system in the oil refinery. ETRI Journal.

Kumar, H., Jain, S., and Srivastava, R. (2017). Risk analysis of online social networks. pages 846–851.

Laitenberger, O. and Dreyer, H. M. (1998). Evaluating the usefulness and the ease of use of a web-based inspection data collection tool. In Proceedings Fifth International Software Metrics Symposium. Metrics (Cat. No. 98TB100262), pages 122–132. IEEE.

Laorden, C., Sanz, B., Alvarez, G., and Bringas, P. G. (2010). A threat model approach to threats and vulnerabilities in on-line social networks. In Computational Intelligence in Security for Information Systems 2010, pages 135–142. Springer.

Lazar, J. and Barbosa, S. D. (2017). Introduction to human-computer interaction. In Proceedings of the 2017 CHI Conference Extended Abstracts on Human Factors in Computing Systems, pages 1202–1204.

Lowson, B. (2005). How designers think. the design process demystified. Tehran: University of Shahid-Beheshti.

Mahmood, S. (2012). New privacy threats for facebook and twitter users. pages 164–169.

Marangunić, N. and Granić, A. (2015). Technology acceptance model: a literature review from 1986 to 2013. Universal access in the information society, 14:81–95.

Oukemeni, S., Rifà-Pous, H., and Puig, J. M. M. (2019). Privacy analysis on microblogging online social networks: a survey. ACM Computing Surveys (CSUR), 52(3):1–36.

Petronio, S. (2002). Boundaries of privacy: Dialectics of disclosure. Suny Press.

Pfitzmann, A. and Hansen, M. (2010). A terminology for talking about privacy by data minimization: Anonymity, unlinkability, undetectability, unobservability, pseudonymity, and identity management.

Potteiger, B., Martins, G., and Koutsoukos, X. (2016). Software and attack centric integrated threat modeling for quantitative risk assessment. In Proceedings of the Symposium and Bootcamp on the Science of Security, pages 99–108.

Preece, J., Rogers, Y., Sharp, H., Benyon, D., Holland, S., and Carey, T. (1994). Human-computer interaction. Addison-Wesley Longman Ltd.

Rannenberg, K. (2011). Iso/iec standardization of identity management and privacy technologies. Datenschutz und Datensicherheit-DuD, 35(1):27–29.

Rathore, S., Sharma, P., Loia, V., Jeong, Y.-S., and Park, J. (2017). Social network security: Issues, challenges, threats, and solutions. Information Sciences, 421:43–69.

Sanz, B., Laorden, C., Alvarez, G., and Bringas, P. G. (2010). A threat model approach to attacks and countermeasures in on-line social networks. In Proceedings of the 11th Reunion Espanola de Criptografıa y Seguridad de la Información (RECSI), pages 343–348.

Scandariato, R., Wuyts, K., and Joosen, W. (2015). A descriptive study of microsoft’s threat modeling technique. Requirements Engineering, 20(2):163–180.

Shi, Z., Graffi, K., Starobinski, D., and Matyunin, N. (2021). Threat modeling tools: A taxonomy. IEEE Security & Privacy, (01):2–13.

Shokri, R., Theodorakopoulos, G., Troncoso, C., Hubaux, J.-P., and Le Boudec, J.-Y. (2012). Protecting location privacy: optimal strategy against localization attacks. In Proceedings of the 2012 ACM conference on Computer and communications security, pages 617–627.

Shostack, A. (2008). Experiences threat modeling at microsoft. MODSEC@ MoDELS, 2008:35.

Shostack, A. (2014). Threat modeling: Designing for security. John Wiley & Sons.

Shull, F., Carver, J., and Travassos, G. H. (2001). An empirical methodology for introducing software processes. ACM SIGSOFT Software Engineering Notes, 26(5):288–296.

Siddula, M., Li, L., and Li, Y. (2018). An empirical study on the privacy preservation of online social networks. IEEE Access, 6:19912–19922.

Solon, O. (2018). Facebook says cambridge analytica may have gained 37m more users’ data. The Guardian, 4.

Sramka, M. (2012). Privacy scores: Assessing privacy risks beyond social networks. Infocommunications Journal, 4(4):36–41.

Tucker, R., Tucker, C., and Zheng, J. (2015). Privacy pal: Improving permission safety awareness of third party applications in online social networks. pages 1268–1273.

UcedaVelez, T. and Morana, M. M. (2015). Risk Centric Threat Modeling: process for attack simulation and threat analysis. John Wiley & Sons.

Vu, H., Law, R., and Li, G. (2019). Breach of traveller privacy in location-based social media. Current Issues in Tourism, 22(15):1825–1840.

Wang, Y. and Nepali, R. (2015). Privacy threat modeling framework for online social networks. pages 358–363.

Watanabe, C., Amagasa, T., and Liu, L. (2011). Privacy risks and countermeasures in publishing and mining social network data. pages 55–66.

Wen, G., Liu, H., Yan, J., and Wu, Z. (2018). A privacy analysis method to anonymous graph based on bayes rule in social networks. pages 469–472.

Wohlin, C., Runeson, P., Höst, M., Ohlsson, M. C., Regnell, B., and Wesslén, A. (2012). Experimentation in software engineering. Springer Science & Business Media.

Wuyts, K., Van Landuyt, D., Hovsepyan, A., and Joosen, W. (2018). Effective and efficient privacy threat modeling through domain refinements. In Proceedings of the 33rd Annual ACM Symposium on Applied Computing, pages 1175–1178.

Xiong, W. and Lagerström, R. (2019). Threat modeling–a systematic literature review. Computers & security, 84:53–69.

Xu, H., Teo, H.-H., and Tan, B. (2005). Predicting the adoption of location-based services: the role of trust and perceived privacy risk. ICIS 2005 proceedings, page 71.

Zeng, Y., Sun, Y., Xing, L., and Vokkarane, V. (2015). A study of online social network privacy via the tape framework. IEEE Journal on Selected Topics in Signal Processing, 9(7):1270–1284.

Zheleva, E. and Getoor, L. (2009). To join or not to join: the illusion of privacy in social networks with mixed public and private user profiles. In Proceedings of the 18th international conference on World wide web, pages 531–540.

Zheleva, E. and Getoor, L. (2011). Privacy in social networks: A survey. In Social network data analytics, pages 277–306. Springer.




How to Cite

RODRIGUES, A.; VILLELA, M. L.; FEITOSA, E. Exploring how experienced and unexperienced professionals use a privacy threat modeling methodology. Journal on Interactive Systems, Porto Alegre, RS, v. 14, n. 1, p. 274–291, 2023. DOI: 10.5753/jis.2023.3235. Disponível em: https://sol.sbc.org.br/journals/index.php/jis/article/view/3235. Acesso em: 1 oct. 2023.



Regular Paper