Privacy Shift Left: A Machine-Assisted Threat Modeling Approach

Thursday, June 23, 2022 - 12:15 pm–12:40 pm

Kristen Tan, Comcast NBCUniversal


As cybersecurity and privacy have become a core part of product development, there has been a push to shift their implementation left (earlier) in the product development lifecycle. One facet of shifting left is employing threat modeling to identify areas of potential risk in a system’s architecture. Although beneficial, threat modeling can be labor- and time-intensive. To address this, tools, some of which are open-source, are being developed to automate aspects of the process. These tools have primarily focused on security, but privacy threat detection functionality is being introduced. This talk presents a comparative evaluation of six of these open-source tools. It then introduces possible sources for use in developing a custom library of privacy threats. Finally, it ties the two discussions together by walking through an example of how detection capability for a specific privacy threat can be introduced into one of the six tools.

Kristen Tan, Comcast NBCUniversal

Kristen Tan is a CORE Technology Associate at Comcast NBCUniversal with an M.S. in Computer Science from Stevens Institute of Technology. She is currently rotating at Comcast Cable on an Accessibility team, but prior to this, she rotated on Comcast Cable’s Cybersecurity Research team. Her research during that rotation focused on the emerging field of Privacy Engineering and how it fits into the world of Cybersecurity. Previous engagements in both academia and industry have also given her experience in robotics, smart home technologies, and cloud infrastructure in a production environment. She has co-authored two peer-reviewed publications and looks forward to continuing to write about and share her work going forward.

@conference {280256,
author = {Kristen Tan},
title = {Privacy Shift Left: A {Machine-Assisted} Threat Modeling Approach},
year = {2022},
address = {Santa Clara, CA},
publisher = {USENIX Association},
month = jun
}
