Abstract As individuals engage with innovative technologies, including smart cars and smart homes, a comprehensive treatment of the threats to their privacy becomes increasingly urgent. This article recognises the relevance of security and, in particular, privacy threat modelling, especially under the umbrella of GDPR compliance, and addresses the challenge of the pursuit of completeness in eliciting security and privacy threats. The core contribution is SPADA, a methodology for threat modelling revolving around five key variables (whose initials form the acronym that names the methodology). These are: “Source of documentation”, “Property”, “Application domain”, “Detail (level of)” and “Agent(s) raising the threats”, and clarify the essential variable elements of the threat modelling activity. SPADA requires the analyst to duly instantiate each variable but offers increased structure and automation in return. The methodology is applied to the domains of smart cars and smart homes, considering both soft and hard privacy. This yields 23 domain-independent threats for soft privacy, and 29 domain-independent threats for hard privacy. Both these lists of threats are then tailored to the smart car domain by appropriate combination with the 43 identified assets, producing a total of 785 privacy threats for smart cars. Similarly, appropriate combination with the 127 assets identified in the smart home domain produces a total of 1502 privacy threats for smart homes.

Load

Load