Options
Empirical evaluation of a privacy-focused threat modeling methodology
Publikationstyp
Journal Article
Date Issued
2014-06-02
Sprache
English
Author(s)
Volume
96
Start Page
122
End Page
138
Citation
Journal of Systems and Software 96: 122-138 (2014)
Publisher DOI
Scopus ID
Publisher
Elsevier
Privacy is a key issue in today's society. Software systems handle more and more sensitive information concerning citizens. It is important that such systems are privacy-friendly by design. In previous work, we proposed a privacy threat analysis methodology, named LINDDUN. The methodology supports requirements engineers and software architects in identifying privacy weaknesses in the system they contribute to developing. As this is a fairly new technique, its results when applied in realistic scenarios are yet unknown. This paper presents a series of three empirical studies that thoroughly evaluate LINDDUN from a multi-faceted perspective. Our assessment characterizes the correctness and completeness of the analysis results produced by LINDDUN, as well as the productivity associated with executing the methodology. We also look into aspects such as the ease of use and reliability of LINDDUN. The results are encouraging, overall. However, some areas for further improvement have been identified as a result of this empirical inquiry.
Subjects
Empirical study
Privacy
Threats
DDC Class
004: Informatik