Scaling Privacy Threat Modeling: From Architects to Developers

Tuesday, June 02, 2026 - 4:40 pm to 5:00 pm

Nitish Uplavikar, Comcast Cable

Privacy threat modeling is essential for assessing an application's privacy posture at an architecture level. Yet automated tooling that allows this analysis to scale remains limited compared to security threat modeling. We present an open-source contribution of twelve privacy threat modeling rules implemented in Threagile, a machine-assisted threat modeling toolkit. These rules analyze system architecture, data flows, and technical assets to automatically identify privacy violations including data minimization failures, unauthorized disclosure, insecure storage, and re-identification risks.

Our rules align with the LINDDUN privacy threat modeling framework, covering threat categories such as Linking, Identifying, Data Disclosure, Unawareness, and Non-compliance, while also addressing some OWASP-based Privacy Risks. Each rule provides high-fidelity detection logic with actionable mitigations, enabling privacy-by-design practices early in development.

The rules can be used by privacy architects for assessments, and by designers and developers as a self-service tool. Our contribution bridges the gap between privacy threat modeling theory and practical implementation, offering a systematic privacy risk assessment.

Nitish Uplavikar is a senior researcher on the SPIDER at Comcast Cable. Nitish has a PhD in Computer Science from the University of Missouri-Columbia, where his research focused on Privacy Preserving Data Analytics.

BibTeX
@conference {317597,
author = {Nitish Uplavikar},
title = {Scaling Privacy Threat Modeling: From Architects to Developers},
year = {2026},
address = {Santa Clara, CA},
publisher = {USENIX Association},
month = jun
}