Who Are "We"? Power Centers in Threat Modeling
Adam Shostack
TL;DR
This paper explores how power dynamics influence threat modeling techniques, comparing methods used by system creators and external analysts with different access levels and skills.
Contribution
It provides an analysis of how power asymmetries affect threat modeling practices and proposes considerations for inclusive security assessments.
Findings
Power disparities impact threat modeling effectiveness.
External analysts face informational and skill barriers.
Threat modeling approaches vary based on analyst access and expertise.
Abstract
I examine threat modeling techniques and questions of power dynamics in the systems in which they're used. I compare techniques that can be used by system creators to those used by those who are not involved in creating the system. That second set of analysts might be scientists doing research, consumers comparing products, or those trying to analyze a new system being deployed by a government. Their access to information, skills and choices are different. I examine the impact of those difference on threat modeling methods.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsTerrorism, Counterterrorism, and Political Violence · Information and Cyber Security