Exploratory Study of the Privacy Extension for System Theoretic Process Analysis (STPA-Priv) to Elicit Privacy Risks in eHealth

Abstract: Abstract-Context: System Theoretic Process Analysis for Privacy (STPA-Priv) is a novel privacy risk elicitation method using a top down approach. It has not gotten very much attention but may offer a convenient structured approach and generation of additional artifacts compared to other methods. Aim: The aim of this exploratory study is to find out what benefits the privacy risk elicitation method STPA-Priv has and to explain how the method can be used. Method: Therefore we apply STPA-Priv to a real world heal… Show more

“…With the advancement of ML, in addition to safety, security and privacy have emerged as the two attributes of growing interest, which encompass guarding against external system breaches and noticing the privacy implications of system usage. This is exemplified by the development of STPA-sec [44], [31], [50], [54], [26] and STPA-priv [39], [53], indicating the flexibility of STPA in terms of accommodating attributes beyond safety. STPA-sec focuses on analysing the vulnerability of the system to external attacks, while STPA-priv highlights the data privacy issues in the system.…”

“…Collaborative robots [11], [3], [14] and Autonomous Mobile Multi-robots [9], [10], [14], [12] are also active areas of applying STPA. Moreover, STPA-priv was initially implemented for smart televisions [53] before being extended to E-health [39], recognising that privacy is a vital concern for humans. Moreover, STPA-sec has also found use in the Aeronautic industry [44].…”

STPA for Learning-Enabled Systems: A Survey and A New Practice

“…With the advancement of ML, in addition to safety, security and privacy have emerged as the two attributes of growing interest, which encompass guarding against external system breaches and noticing the privacy implications of system usage. This is exemplified by the development of STPA-sec [44], [31], [50], [54], [26] and STPA-priv [39], [53], indicating the flexibility of STPA in terms of accommodating attributes beyond safety. STPA-sec focuses on analysing the vulnerability of the system to external attacks, while STPA-priv highlights the data privacy issues in the system.…”

“…Collaborative robots [11], [3], [14] and Autonomous Mobile Multi-robots [9], [10], [14], [12] are also active areas of applying STPA. Moreover, STPA-priv was initially implemented for smart televisions [53] before being extended to E-health [39], recognising that privacy is a vital concern for humans. Moreover, STPA-sec has also found use in the Aeronautic industry [44].…”

STPA for Learning-Enabled Systems: A Survey and A New Practice

“…LINDDUN uses a bottom-up approach in analyzing the privacy constraints in the data flow, unlike the STPA-Priv, which uses a topdown approach. Intuitively, tracking data flow in a bottom-up approach becomes much more complex when human interaction through a user interface is involved (Mindermann et al 2017).…”

“…As discussed by Mindermann et al (2017), Shapiro (2016), the control structure is not in our scope of analysis. 4.…”

Valet attack on privacy: a cybersecurity threat in automotive Bluetooth infotainment systems

“…These violations are weaknesses or vulnerabilities in system that allow the loss (accident) to happen [34]. Usually, hazards may also be based on human and system interactions, especially human error [22] which is not acknowledged by STPA-Sec. The UK's National Cyber Security Centre has introduced the application of STAMP/ STPA in various case studies for improving risk framework for cyber security problems.…”

Integrated Design Framework for Facilitating Systems-Theoretic Process Analysis