Mitigation Lost in Translation: Leveraging Threat Information to Improve Privacy Solution Selection

The design and implementation of privacy-preserving software systems is supported by privacy threat modeling approaches such as LINDDUN to assist in the identification of privacy threats. Resolving the identified privacy threats requires the selection of appropriate countermeasures and solutions to apply to the system. However, there is limited support for non-expert users to determine which solutions are preferable given the identified privacy threats. In this paper, we present an approach for constructing solution guidance methods to guide these users from threats to appropriate privacy solutions. We focus on hard privacy threats such as identifiability, and apply our approach on the LINDDUN threat trees to construct selection-support in order to guide users from the threat tree nodes to the most appropriate mitigation countermeasures. In particular, we present 4 solution flowcharts that take privacy analysts from threat tree nodes through a set of questions to suitable privacy countermeasures. Our approach reuses substantial threat information in the solution selection, and thus, offers targeted counter measures toward specific threat causes.