https://github.com/OpenSecuritySummit/oss2019

title        : Lightweight privacy threat modeling using LINDDUN
type         : working-session
track        : Threat Model
topics       : 
technology   :
categories   :                      # GDPR, Juice Shop, etc.
featured     : yes                   # review with summit team "yes"
when_day     : Mon
when_time    : PM-2
room_layout  :                    #
room_id      : room-1
session_slack: https://os-summit.slack.com/messages/CAVPAADAA
status       : review-content             # draft, review-content, done
organizers   :
    - Steven Wierckx
    - Kim Wuyts
participants :
description  : Lightweight privacy threat modeling using LINDDUN
locked       : true

Why

Privacy by design is important; it is even required by EU data protection legislation. It however goes beyond the quick fixes that are typically associated with it (e.g. consent for newsletters) and requires a thorough analysis upfront of potential privacy issues in the system. LINDDUN privacy threat modeling can aid the analyst in this process to systematically elicit and mitigate privacy threats in software architectures.

What

This session will be twofold. First, we will highlight the differences between privacy and security threat modeling, introduce privacy properties and provide an overview of the LINDDUN threat modeling framework. Second, we will dive into the ongoing LINDDUN privacy threat modeling research, including the lightweight application of LINDDUN.

Outcomes

Input for a lightweight application of privacy threat modeling