Skip to content

Latest commit

 

History

History

ACSW23

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
 
 
 
 

A Threat Model for Soft Privacy on Smart Cars

This folder contains the outcomes for the paper "A Threat Model for Soft Privacy on Smart Cars", in 2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW).

DOI: https://doi.org/10.1109/EuroSPW59978.2023.00005 Preprint ArXiv DOI: https://doi.org/10.48550/arXiv.2306.04222

Abstract

Modern cars are getting so computerised that ENISA's phrase "smart cars" is a perfect fit. The amount of personal data that they process is very large and, yet, increasing. Hence, the need to address citizens' privacy while they drive and, correspondingly, the importance of privacy threat modelling (in support of a respective risk assessment, such as through a Data Protection Impact Assessment). This paper addresses privacy threats by advancing a general modelling methodology and by demonstrating it specifically on soft privacy, which ensures citizens' full control on their personal data. By considering all relevant threat agents, the paper applies the methodology to the specific automotive domain while keeping threats at the same level of detail as ENISA's. The main result beside the modelling methodology consists of both domain-independent and automotive domain-dependent soft privacy threats. While cybersecurity has been vastly threat-modelled so far, this paper extends the literature with a threat model for soft privacy on smart cars, producing 17 domain-independent threats that, associated with 41 domain-specific assets, shape a novel set of domain-dependent threats in automotive.