3rd Annual Workshop on Privacy Threat Modeling (WPTM) | 2024 USENIX Symposium on Usable Privacy and Security (SOUPS)

Workshop registration is open until Monday, August 5 at 5PM EDT. Please note that for logistical reasons registration will be capped at 60 attendees.

The Workshop on Privacy Threat Modeling will be held in conjunction with the Symposium on Usable Privacy and Security (SOUPS) 2024, August 11-13 in Philadelphia, PA.

You are not required to register for SOUPS to attend the workshop. There is no cost to attend this year’s workshop.

The workshop will take place in a virtual format on Thursday, August 8th from 11AM-2PM EDT.      

The purpose of the workshop is to bring together researchers, practitioners, industry specialists, and government representatives to collaborate on the topic of privacy threat modeling. While aspects of privacy risk modeling are relatively well developed, such as constructions of privacy harms, there has been insufficient discussion around approaches to modeling privacy threats, broadly construed. A holistic approach to representing privacy threats could inform privacy risk models and provide a common lexicon to accelerate conversations in the privacy community.

The workshop will include an informative session and a collaborative session. The informative session will include a keynote, brief updates on prominent existing privacy threat models, including MITRE PANOPTIC™ and LINDDUN, and presentations selected from participant submissions. In the collaborative session we will discuss the role of threat modeling in environmental privacy threat assessment.

Broadly, we hope this workshop will continue to forge new relationships across the privacy community around the topic of privacy threats, shape and guide the development of new and existing privacy threat models, and stimulate further research into privacy threats by providing an informative baseline on what privacy threat modeling is, as well as knowledge about the current state of the field, and ideas about operationalizing privacy threat models.

Topics of interest include:

• Definitions of a privacy incident, attack, threat, and breach
• Distinctions between privacy threats, privacy harms, and privacy vulnerabilities
• Describing or categorizing privacy threats, including taxonomies or ontologies for privacy incidents, attacks, threats, and breaches
• Applicability and limitations of security threat modeling techniques for privacy
• Integration of threat models in privacy risk models and risk management
• Privacy threat-informed defense
• Qualitative versus quantitative threat modeling
• Trade-offs between specific and general models
• Operationalizing privacy threat models
• Privacy threat case studies

Attend at https://ptmworkshop.gitlab.io/#/attending