Privacy Property Graph: Towards Automated Privacy Threat Modeling via Static Graph-based Analysis

Authors: Immanuel Kunz (Fraunhofer AISEC), Konrad Weiss (Fraunhofer AISEC), Angelika Schneider (Fraunhofer AISEC), Christian Banse (Fraunhofer AISEC)

Volume: 2023
Issue: 2
Pages: 171–187
DOI: https://doi.org/10.56553/popets-2023-0046

Abstract: Privacy threat modeling should be done frequently throughout development and production to be able to quickly mitigate threats. Yet, it can also be a very time-consuming activity. In this paper, we use an enhanced code property graph to partly automate the privacy threat modeling process: it automatically generates a data flow diagram from source code which exhibits privacy properties of data flows, and which can be analyzed semi-automatically via queries. We provide a list of such reusable queries that can be used to detect various privacy threats. To enable this analysis, we integrate a taint-tracking mechanism into the graph using privacy-specific labels. Since no benchmark for such an approach exists, we also present a test suite for privacy threat implementations which comprises implementations for 22 privacy threats in multiple programming languages. We expect that our approach significantly reduces the time consumption of threat modeling and show that it also has potential beyond the threat categories defined by LINDDUN, e.g., to detect privacy anti-patterns and verify compliance with privacy policies.

Keywords: Privacy Threat Modeling, Cloud Privacy, Automated Risk Assessment, Static Code Analysis

Copyright in PoPETs articles is held by their authors. This article is published under a Creative Commons Attribution 4.0 license.