xCOMPASS is a questionnaire developed from Models of Applied Privacy (MAP) personas. Privacy Threat Modeling (PTM) is part of software development lifecycle (SDL) along with the increasing awareness of data privacy. Unfortunately, PTM comes with the following limitations. First, it mostly involves human experts (i.e., threat modelers) with much manual effort. Second, it is usually performed later in the SDL pipeline, during which much development work has been finished. Third, the app developer is usually not familiar with privacy principles (e.g., privacy laws) that can guide the development process. To address these problems, xCOMPASS presents a lightweight questionnaire (i.e., yes-no questions), identifies privacy requirements based on the answers, and maps the requirements to privacy principles (e.g., privacy laws) and mitigation strategies (e.g., de-identification).
Please feel free to learn more about the questionnaire questions, as well as MAP framework by following these links:Jayati Dev, Bahman Rashidi, Vaibhav Garg. Models of Applied Privacy (MAP): A Persona Based Approach to Threat Modeling. In Proceedings of the 2023 CHI Conference on Human Factors in Computing Systems (CHI '23).
Rahmadi Trimananda. The Golden xCOMPASS: The Compass You Need to Navigate through the App-Privacy Universe! USENIX SOUPS 2024 Lightning Talks.
Rahmadi Trimananda. The Golden xCOMPASS: The Compass You Need to Navigate through the App-Privacy Universe! OWASP LASCON 2024.
Rahmadi Trimananda. The Golden xCOMPASS: The Compass You Need to Navigate through the App-Privacy Universe! IEEE Digital Privacy Workshop 2024.
Licensed under Apache 2.0.