A Threat Model for Soft Privacy on Smart Cars

TL;DR

This paper develops a comprehensive threat model for soft privacy in smart cars, addressing the increasing data privacy concerns in highly computerized vehicles and providing a structured approach for privacy risk assessment.

Contribution

It introduces a general methodology for privacy threat modelling and applies it specifically to smart cars, identifying 17 domain-independent and 41 domain-specific threats.

Findings

17 domain-independent threats identified

41 domain-specific assets analyzed

A novel threat set for automotive soft privacy created

Abstract

Modern cars are getting so computerised that ENISA's phrase "smart cars" is a perfect fit. The amount of personal data that they process is very large and, yet, increasing. Hence, the need to address citizens' privacy while they drive and, correspondingly, the importance of privacy threat modelling (in support of a respective risk assessment, such as through a Data Protection Impact Assessment). This paper addresses privacy threats by advancing a general modelling methodology and by demonstrating it specifically on soft privacy, which ensures citizens' full control on their personal data. By considering all relevant threat agents, the paper applies the methodology to the specific automotive domain while keeping threats at the same level of detail as ENISA's. The main result beside the modelling methodology consists of both domain-independent and automotive domain-dependent soft privacy threats. While cybersecurity has been vastly threat-modelled so far, this paper extends the literature with a threat model for soft privacy on smart cars, producing 17 domain-independent threats that, associated with 41 domain-specific assets, shape a novel set of domain-dependent threats in automotive.