Threat Me Right: A Human HARMS Threat Model for Technical Systems
Kieron Ivy Turk, Anna Talas, Alice Hutchings

TL;DR
This paper introduces HARMS, a new threat modelling framework designed to identify human and interpersonal threats in technical systems, demonstrated through a case study on IoT devices like smart speakers.
Contribution
The paper presents HARMS, a novel threat model that addresses non-technical and human factors harms often overlooked by existing methods.
Findings
HARMS effectively identifies human-centric threats in IoT systems
Application to smart speakers demonstrates practical utility
Highlights gaps in traditional technical threat models
Abstract
Threat modelling is the process of identifying potential vulnerabilities in a system and prioritising them. Existing threat modelling tools focus primarily on technical systems and are not as well suited to interpersonal threats. In this paper, we discuss traditional threat modelling methods and their shortcomings, and propose a new threat modelling framework (HARMS) to identify non-technical and human factors harms. We also cover a case study of applying HARMS when it comes to IoT devices such as smart speakers with virtual assistants.
Taxonomy
Topics: Information and Cyber Security · Safety Systems Engineering in Autonomy · Smart Grid Security and Resilience
