Advanced Cloud Privacy Threat Modeling

TL;DR

This paper introduces an extended Cloud Privacy Threat Modeling methodology to better identify and address privacy threats in cloud computing, aiding privacy-preserving software development.

Contribution

It extends existing CPTM methodology using Method Engineering to improve privacy threat modeling in cloud environments.

Findings

Provides a structured threat modeling methodology for cloud privacy.

Facilitates privacy-preserving cloud software development.

Enhances identification of vulnerabilities in cloud data processing.

Abstract

Privacy-preservation for sensitive data has become a challenging issue in cloud computing. Threat modeling as a part of requirements engineering in secure software development provides a structured approach for identifying attacks and proposing countermeasures against the exploitation of vulnerabilities in a system . This paper describes an extension of Cloud Privacy Threat Modeling (CPTM) methodology for privacy threat modeling in relation to processing sensitive data in cloud computing environments. It describes the modeling methodology that involved applying Method Engineering to specify characteristics of a cloud privacy threat modeling methodology, different steps in the proposed methodology and corresponding products. We believe that the extended methodology facilitates the application of a privacy-preserving cloud software development approach from requirements engineering to design.