Data privacy threat modelling for autonomous systems: a survey from the GDPR’s perspective

Azam, N., Michala, L. , Ansari, S. and Truong, N. (2023) Data privacy threat modelling for autonomous systems: a survey from the GDPR’s perspective. IEEE Transactions on Big Data, 9(2), pp. 388-414. (doi: 10.1109/TBDATA.2022.3227336)

[img] Text
285501.pdf - Accepted Version



Artificial Intelligence-based applications have been increasingly deployed in every field of life including smart homes, smart cities, healthcare services, and autonomous systems where personal data is collected across heterogeneous sources and processed using ”black-box” algorithms in opaque centralised servers. As a consequence, preserving the data privacy and security of these applications is of utmost importance. In this respect, a modelling technique for identifying potential data privacy threats and specifying countermeasures to mitigate the related vulnerabilities in such AI-based systems plays a significant role in preserving and securing personal data. Various threat modelling techniques have been proposed such as STRIDE, LINDDUN, and PASTA but none of them is sufficient to model the data privacy threats in autonomous systems. Furthermore, they are not designed to model compliance with data protection legislation like the EU/UK General Data Protection Regulation (GDPR), which is fundamental to protecting data owners' privacy as well as to preventing personal data from potential privacy-related attacks. In this article, we survey the existing threat modelling techniques for data privacy threats in autonomous systems and then analyse such techniques from the viewpoint of GDPR compliance. Following the analysis, We employ STRIDE and LINDDUN in autonomous cars, a specific use-case of autonomous systems, to scrutinise the challenges and gaps of the existing techniques when modelling data privacy threats. Prospective research directions for refining data privacy threats & GDPR-compliance modelling techniques for autonomous systems are also presented.

Item Type:Articles
Glasgow Author(s) Enlighten ID:Truong, Dr Nguyen and Ansari, Dr Shuja and Azam, Ms Naila and Michala, Dr Lito
Authors: Azam, N., Michala, L., Ansari, S., and Truong, N.
College/School:College of Science and Engineering > School of Computing Science
College of Science and Engineering > School of Engineering > Autonomous Systems and Connectivity
Journal Name:IEEE Transactions on Big Data
ISSN (Online):2332-7790
Published Online:07 December 2022
Copyright Holders:Copyright © 2022 IEEE
First Published:First published in IEEE Transactions on Big Data 9(2): 388-414
Publisher Policy:Reproduced in accordance with the publisher copyright policy

University Staff: Request a correction | Enlighten Editors: Update this record