Leveraging the Domain Experts: Specializing Privacy Threat Knowledge

Leveraging the Domain Experts: Specializing Privacy Threat Knowledge

연구 분야: Safety

학회: European Symposium on Research in Computer Security

The design and development of privacy-preserving software systems remains a challenging endeavor, especially with the wide-spread adoption of potentially privacy-harmful technologies such as ML/AI, LLMs, telemetry, etc. Current privacy threat knowledge consolidation efforts mainly focus on the ontological generalization of threat knowledge. The generic encoding of privacy threat knowledge is useful for increasing overall awareness of the diversity and scope of privacy threats and promoting broader application of privacy threat analysis. However, it also inhibits reuse of threat knowledge that is more tailored to the organization context or application domain. There is thus an emerging need to encode, manage, and share specialized privacy threat knowledge that may be more domain-, technology-, or organization-specific. In this position paper, we outline a vision and roadmap towards improved support for the overall management of privacy threat knowledge, and particularly we envision advanced knowledge modeling support for capturing specialized threat knowledge, supporting evolution, customization, and reuse.