LINDDUN GO: A Lightweight Approach to Privacy Threat Modeling

Realizing privacy-preserving software requires the application of principles such as Privacy by Design (PbD) which require the consideration of privacy early on in the software development lifecycle. While privacy threat modeling approaches, such as LINDDUN, provide such a systematic and extensive assessment of a system's design, their application requires the analyst performing the assessment to have (i) extensive privacy expertise and (ii) sufficient experience with the threat modeling process itself. Hence, there is a high startup cost to apply these techniques. To reduce this initial threshold, more lightweight privacy analysis approaches are necessary. In this paper, we (i) discuss the requirements for early lightweight privacy analysis approaches; (ii) present LIND-DUN GO, a toolkit that supports lightweight privacy threat modeling; (iii) describe the pilot studies that were conducted for the preliminary evaluation with industry professionals.The availability of lightweight privacy analysis approaches reduces the initial effort to start privacy threat modeling and can therefore enable a more wide-spread adoption of system privacy assessments in practice.