Applicability analysis: elicitation of privacy risks through STPA(-Priv) in a selected IoT-scenario

Abstract

Context This bachelor’s thesis discusses the usage of System-Theoretic Process Analysis (STPA) for privacy engineering. STPA has been developed for safety engineering originally. I show how this methodology can be applied to privacy risk analysis by using the extension STPA-Priv. I explain why privacy is important and why privacy risk analysis can help improve systems regarding privacy.

Objective The goal is to apply the privacy extension of STPA to a real-world Internet of Things scenario to determine the applicability and possible problems with this methodology.

Method STPA considers safety a system property. I think that privacy is a system property as well and therefore STPA can be applied to privacy risk analysis. Most changes from STPA to STPA-Priv have been made in its terminology, the process itself remains the same. This brings many of the advantages of systems theory to the field of privacy engineering, such as the top-down nature of STPA that helps handle complex socio-technical systems.

Results I found out that STPA-Priv is a good approach to elicit privacy risks and requirements. I was able to elicit many privacy risks from our scenario using STPA-Priv which shows that the methodology works in general.

Conclusions After all, I can recommend using STPA-Priv to evaluate projects for privacy risks. Nevertheless, there are still changes and improvements necessary. However, the overall methodology would not be affected by those changes. STPA-Priv is very straight-forward for people that are already familiar with STPA.