Privacy Threat MOdeling Language

Online Social Networks (OSNs) are becoming pervasive in today's world. Millions of people worldwide are involved in different forms of online networking. However, this ease of use of OSNs comes with a cost in terms of privacy. Users of OSNs become victims of identity theft, cyberstalking, and information leakage, which are real threats to privacy. Consequently, new solutions need to be developed for addressing the threat scenarios to which a user is potentially exposed. In this sense, this paper presents PTMOL (Privacy Threat MOdeling Language) as an approach for modeling privacy threats in an OSN domain. The proposed language is related to the attempt to mitigate privacy threats at the design level, thus promoting concern about threats in the stages preceding the development of OSNs. Two studies were conducted to evaluate the use of PTMOL at the design stages, which provided insights into the correctness, completeness, ease of use, usefulness, user satisfaction, and feasibility of the proposal. The results indicated that PTMOL can be incorporated into software development during the design phase. Via the language, we expect to support designers in making more pre-emptive decisions about user privacy risk, and help them to introduce privacy early in the development cycle of OSNs.

Automated summary

Online Social Networks (OSNs) are widely used, but they come with privacy risks such as identity theft, cyberstalking, and information leakage. This paper introduces PTMOL as a language for modeling privacy threats in OSNs, aiming to address these threats at the design level. Two studies were conducted to evaluate PTMOL's use, indicating that it can be incorporated into software development during the design phase, helping designers make preemptive decisions about user privacy risk and introduce privacy measures early in the development cycle of OSNs.