Apply the LINDDUN framework for privacy requirement analysis
Lu, Pengfei (2017)
2017
Tietojenkäsittelytieteiden tutkinto-ohjelma - Degree Programme in Computer Sciences
Luonnontieteiden tiedekunta - Faculty of Natural Sciences
This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Hyväksymispäivämäärä
2017-03-29
Julkaisun pysyvä osoite on
http://urn.fi/URN:NBN:fi:uta-201703311389
http://urn.fi/URN:NBN:fi:uta-201703311389
Tiivistelmä
LINDDUN is a framework to identify privacy threats and elicit privacy requirements from a system. It has complete procedures and strong support on privacy requirements analysis. This research tries to figure out how practically we can apply the LINDDUN methodology in privacy requirements analysis. This thesis studies LINDDUN in a case project name Rin-Tin-Tinder for privacy threats and privacy requirements analysis. The analysis results are compared with the privacy requirement elicited by the project team in a workshop session. The analysis result is verified through a comparison with the Microsoft privacy guideline.
The discussions and analysis on comparison implies strengths and weakness of the LINDDUN methodology. Compared to workshop, the LINDDUN methodology lead the analyst to identify more privacy threats and get more privacy requirements, and makes analyzing process more predictable. Meanwhile, the LINDDUN methodology has a blind spot on users' unintentional false instructions. The thesis discussed possible directions to improve LINDDUN and summarize a guide rules on assumption making, which is an important procedure in LINDDUN. These findings will be helpful for LINDDUN s further improvement.
The discussions and analysis on comparison implies strengths and weakness of the LINDDUN methodology. Compared to workshop, the LINDDUN methodology lead the analyst to identify more privacy threats and get more privacy requirements, and makes analyzing process more predictable. Meanwhile, the LINDDUN methodology has a blind spot on users' unintentional false instructions. The thesis discussed possible directions to improve LINDDUN and summarize a guide rules on assumption making, which is an important procedure in LINDDUN. These findings will be helpful for LINDDUN s further improvement.