Empirical evaluation of a privacy-focused threat modeling methodology |
| |
| Affiliation: | 1. University of Koblenz-Landau, Universitätsstraße 1, 56070, Koblenz, Germany;2. adesso AG, Stockholmer Allee 200, 44269 Dortmund, Germany;3. Lebniz University Hannover, Welfengarten 1, 30167 Hannover, Germany;4. Fraunhofer ISST, Emil-Figge-Straße 91, 44227 Dortmund, Germany;1. The Open University, Milton Keynes, UK;2. University of Derby, Derby, UK;3. University of Twente, Enschede, The Netherlands;4. Lero the Irish Software Engineering Research Centre, University of Limerick, Ireland;1. Faculty of Computer Science, University of New Brunswick, Canada;2. Department of Electrical and Computer Engineering, Ryerson University, Canada;1. Department of Computer and Information Science, Norwegian University of Science and Technology, Sem Sælands vei 7-9, NO-7491 Trondheim, Norway;2. Department of Information Science and Media Studies, University of Bergen, P.O. Box 7802, NO-5020 Bergen, Norway |
| |
| Abstract: | Privacy is a key issue in today's society. Software systems handle more and more sensitive information concerning citizens. It is important that such systems are privacy-friendly by design. In previous work, we proposed a privacy threat analysis methodology, named LINDDUN. The methodology supports requirements engineers and software architects in identifying privacy weaknesses in the system they contribute to developing. As this is a fairly new technique, its results when applied in realistic scenarios are yet unknown. This paper presents a series of three empirical studies that thoroughly evaluate LINDDUN from a multi-faceted perspective. Our assessment characterizes the correctness and completeness of the analysis results produced by LINDDUN, as well as the productivity associated with executing the methodology. We also look into aspects such as the ease of use and reliability of LINDDUN. The results are encouraging, overall. However, some areas for further improvement have been identified as a result of this empirical inquiry. |
| |
| Keywords: | Privacy Threats Empirical study |
| 本文献已被 ScienceDirect 等数据库收录! |
|
