
(ISC)2 Security Congress 2022

2101788 - Dead Man's Hand: Mobile Application Threat Modeling

Oct 10, 2022 11:05am ‐ Oct 10, 2022 12:00pm


Mobile applications drive data collection for many organizations. That data is often shared with third-party partners, and often creates a liability for the data owner. We take the practice of threat modeling and apply it to mobile applications to discover privacy risks and exposures. The analysis is guided by the LINDDUN privacy threat modeling framework, which we modify to investigate how adversaries use data relationships, hardware identifiers, and advertising IDs to re-identify mobile application users. We then show how privacy-preserving algorithms can be used by application developers to anonymize data. Lastly, we dive deep into third-party data sharing risks and explore privacy-preserving algorithms (e.g., pseudonymisation, k-anonymity, tokenization, and differential privacy) that can be used to minimize risk.

Learning Objectives:
  • Know the strengths, weaknesses and applicability to business use cases of several important data anonymization techniques, such as pseudonymisation, k-anonymity, tokenization, and differential privacy.
  • Have the ability to describe and implement privacy-preserving software architecture design patterns.
  • Recognize and react to data threats when coding mobile applications.

