Privacy Risk Analysis Based on System Control Structures: Adapting System-Theoretic Process Analysis for Privacy Engineering

Cited by: 22
Author
Shapiro, Stuart S. [1]
Affiliation
[1] Mitre Corp, Burlington Rd, Bedford, MA 01730 USA
Keywords
privacy risk analysis; System-Theoretic Process Analysis; STPA; STPA-Sec; STPA-Priv; HAZARD ANALYSIS; SAFETY;
DOI
10.1109/SPW.2016.15
Chinese Library Classification number
TP301 [Theory, methods]
Discipline classification code
081202
Abstract
To date, top-down efforts to evolve and structure privacy engineering knowledge have tended to reflect common systems engineering/development life cycle activities. A different approach suggests a particular need for technical analytical methods. To help address this need, this paper proposes to adapt for privacy engineering an existing technique, System-Theoretic Process Analysis (STPA), developed for safety engineering. The foundations of STPA are discussed, its security extension, STPA-Sec, is described, and modifications to STPA-Sec are proposed to produce STPA-Priv. STPA-Priv is then applied to a simple illustrative example.
Pages: 17 / 24
Page count: 8