Cat Easdon, Dynatrace Research; Patrick Berchtold, Dynatrace
Observability platforms provide development and operations teams with insights into their distributed systems, typically combining logs, metrics, and traces with additional telemetry for use cases such as runtime security monitoring and understanding user behavior. While this data is tremendously useful for troubleshooting and product development, it also poses privacy challenges. In this session, we'll consider these challenges through an offensive privacy lens, presenting our research conducting reconstruction attacks against aggregated user session data. We'll explore how offensive privacy research can be used to support the business case for a new product privacy feature, discuss the unique aspects of privacy threat modeling in a business-to-business (B2B) setting, and consider runtime mitigations to halt reconstruction attacks earlier in the 'privacy kill chain'.
Cat Easdon is an engineer and researcher working at the intersection of privacy, security, and policy. She leads Dynatrace's privacy engineering team, designing product privacy features and building privacy controls into the software development lifecycle.
Patrick Berchtold is a software engineer at Dynatrace and a student at TU Graz, researching reconstruction attacks at ISEC in collaboration with Dynatrace in his thesis. His thesis focuses on applying reconstruction attacks in industry scenarios, exploring their risks and implications for real-world systems.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
author = {Cat Easdon and Patrick Berchtold},
title = {{Observable...Yet} Still Private? An Offensive Privacy Perspective on Observability},
year = {2025},
address = {Santa Clara, CA},
publisher = {USENIX Association},
month = jun
}
