
Privacy Property Graph: Towards Automated Privacy Threat Modeling via Static Graph-based Analysis

Privacy threat modeling should be done frequently throughout development and production to be able to quickly mitigate threats. Yet, it can also be a very time-consuming activity. In this paper, we use an enhanced code property graph to partly automate the privacy threat modeling process: It automatically generates a data flow diagram from source code which exhibits privacy properties of data flows, and which can be analyzed semi-automatically via queries. We provide a list of such reusable queries that can be used to detect various privacy threats. To enable this analysis, we integrate a taint-tracking mechanism into the graph using privacy-specific labels. Since no benchmark for such an approach exists, we also present a test suite for privacy threat implementations which comprises implementations for 22 privacy threats in multiple programming languages. We expect that our approach significantly reduces time consumption of threat modeling and show that it also has potential beyond the threat categories defined by LINDDUN, e.g., to detect privacy anti-patterns and verify compliance to privacy policies.
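The abstract describes two mechanisms: privacy labels that are propagated along data-flow edges of a property graph (taint tracking), and reusable queries run over the labelled graph to surface threats. The following is an added illustration of that idea, written for this listing and not code from the paper or from the authors' tool: a toy property graph with hand-built nodes and data-flow edges, forward label propagation to a fixpoint, and one query that reports every sink of a given kind reached by a given label together with a flow path back to the source. The sample program, the node kinds, the "PERSONAL" label and the set of sanitizer names are all constructed assumptions for the example.

```python
"""Toy privacy-labelled data-flow graph with label propagation and a threat query.

Added example for illustration only; not the Privacy Property Graph implementation.
"""
from collections import defaultdict, deque

# Hypothetical sanitizer names. A real analysis would derive these from models of
# the APIs the program calls; here they are an assumption of the example.
SANITIZERS = {"anonymize", "pseudonymize", "sha256"}


class PrivacyGraph:
    """Minimal property graph: each node has a kind, a name and a set of privacy
    labels; edges are data-flow (DFG) edges from producer to consumer."""

    def __init__(self):
        self.nodes = {}
        self.succ = defaultdict(list)
        self.pred = defaultdict(list)

    def add_node(self, nid, kind, name, labels=()):
        self.nodes[nid] = {"kind": kind, "name": name, "labels": set(labels)}

    def add_flow(self, src, dst):
        self.succ[src].append(dst)
        self.pred[dst].append(src)

    def propagate(self):
        """Forward taint propagation over DFG edges until no label changes.
        Labels pass through every node except sanitizer calls, which strip them."""
        work = deque(n for n, d in self.nodes.items() if d["labels"])
        while work:
            n = work.popleft()
            for s in self.succ[n]:
                target = self.nodes[s]
                if target["kind"] == "call" and target["name"] in SANITIZERS:
                    continue
                new = self.nodes[n]["labels"] - target["labels"]
                if new:
                    target["labels"] |= new
                    work.append(s)

    def trace(self, label, nid):
        """Walk labelled predecessors back to a source and return one path of names."""
        path, seen, cur = [nid], {nid}, nid
        while True:
            srcs = [p for p in self.pred[cur]
                    if label in self.nodes[p]["labels"] and p not in seen]
            if not srcs:
                break
            cur = srcs[0]
            seen.add(cur)
            path.append(cur)
        return [self.nodes[x]["name"] for x in reversed(path)]


def flows_to_sink(g, label, sink_kind):
    """Query: every sink of `sink_kind` that receives data carrying `label`,
    each paired with one data-flow path from its source."""
    hits = []
    for nid, d in sorted(g.nodes.items()):
        if d["kind"] == sink_kind and label in d["labels"]:
            hits.append((d["name"], g.trace(label, nid)))
    return hits


def build_sample_graph():
    """Constructed sample: a web handler reads an e-mail address, logs it,
    sends it to a third-party analytics call and stores only a hashed copy."""
    g = PrivacyGraph()
    g.add_node("n1", "source", "request.form['email']", labels={"PERSONAL"})
    g.add_node("n2", "variable", "email")
    g.add_node("n3", "log", "logger.info")
    g.add_node("n4", "external", "analytics.send")
    g.add_node("n5", "call", "sha256")          # sanitizer: strips the label
    g.add_node("n6", "variable", "digest")
    g.add_node("n7", "storage", "db.store")
    for src, dst in [("n1", "n2"), ("n2", "n3"), ("n2", "n4"),
                     ("n2", "n5"), ("n5", "n6"), ("n6", "n7")]:
        g.add_flow(src, dst)
    return g


if __name__ == "__main__":
    g = build_sample_graph()
    g.propagate()
    for kind in ("log", "external", "storage"):
        print(kind, flows_to_sink(g, "PERSONAL", kind))
```

Run stand-alone, the script reports the logging and third-party sinks as receiving PERSONAL data with the path back to the request parameter, while the storage sink is clean because the hash call removed the label. Real queries in the paper's sense would be parameterized over threat categories rather than a single label and sink kind; this block only shows the propagation and query skeleton they build on.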

Proceedings on Privacy Enhancing Technologies

Authors: Immanuel Kunz, Konrad Weiss, Angelika Schneider, and Christian Banse
Year/month: 2023/6
Booktitle: Proceedings on Privacy Enhancing Technologies
Pages: 171-187
Fulltext: https://petsymposium.org/popets/2023/popets-2023-0046.pdf


Bibtex:

@inproceedings{
  author    = {Immanuel Kunz and Konrad Weiss and Angelika Schneider and Christian Banse},
  title     = {Privacy Property Graph: Towards Automated Privacy Threat Modeling via Static Graph-based Analysis},
  year      = {2023},
  month     = {June},
  booktitle = {Proceedings on Privacy Enhancing Technologies},
  pages     = {171--187},
  url       = {https://petsymposium.org/popets/2023/popets-2023-0046.pdf},
}