The STRAP framework (Structured Analysis Framework for Privacy) is an iterative process for identifying privacy vulnerabilities throughout the software development process. It consists of four steps:
- Design analysis: The process starts with a goal-oriented analysis of the whole system. The main actors, goals and major system components are identified and arranged in a tree diagram that follows the dependency hierarchy between goals (Figure 1): goals are drawn as circles, and the actors involved in each goal are marked by colour. For each goal, four analytical questions are then asked: “What information is captured/accessed for this goal?”, “Who are the actors involved in the capture and access?”, “What knowledge is derived from this information?” and “What is done with the information afterward?” The answers are what expose the privacy vulnerabilities: information captured beyond what the goal needs, actors with access the goal does not justify, knowledge inferred from the data, and data that outlives or leaves the goal that justified collecting it.
- Design refinement: Once the vulnerabilities are identified, iterate over them and decide which can be eliminated (for instance by not collecting or storing the information at all) and which can only be mitigated. For example, if one vulnerability is that personal information must be stored on a server from which it could be stolen, a mitigation is to keep the stored information encrypted. Note the limit of such a mitigation: encryption at rest protects against theft of the stored copy, but anyone holding the key, including the system's own components, can still read the data, so the vulnerability is reduced rather than removed, and the assumption about who holds the key should be recorded with the decision.
- Evaluation: Produce a set of alternative designs that satisfy the goals of the system and evaluate each one against the documented vulnerabilities. Choose the design alternative with the least impact on privacy.
- Iteration: As the conception of the project evolves, repeat the steps so that all vulnerabilities remain identified and documented. Together with the vulnerabilities, document the assumptions made in the design, since a later change can invalidate them. Before new features are added to the system, evaluate them and update the goal tree, adding new goals and actors as needed.
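The four steps above as a small executable model. This is example code added to this summary, not an artefact of STRAP or of the cited paper (STRAP's own artefacts are the goal tree diagram and the analyst's tables). A Goal node holds the answers to the four analytical questions; find_vulnerabilities walks the dependency hierarchy and derives candidate vulnerabilities from those answers; refine records each elimination or mitigation decision together with the assumption it rests on; choose_design scores design alternatives by what is left open and picks the least harmful. The vulnerability heuristics, the weights and the meeting-room booking scenario are assumptions of the example, not part of STRAP.

```python
from dataclasses import dataclass, field
from typing import Iterator


@dataclass
class Goal:
    """One node of the goal tree with the answers to the four questions."""
    name: str
    actors: set[str]             # actors who take part in the goal
    captured: set[str]           # Q1: information captured or accessed
    accessed_by: set[str]        # Q2: actors who capture or access it
    derived: set[str]            # Q3: knowledge derived from it
    afterward: str               # Q4: "deleted", "retained" or "shared"
    subgoals: list["Goal"] = field(default_factory=list)


@dataclass
class Vulnerability:
    goal: str
    kind: str
    detail: str
    disposition: str = "open"    # "open", "eliminated" or "mitigated"
    assumption: str = ""         # design assumption the decision rests on


# Weights per vulnerability kind: an assumption of this example, not STRAP's.
WEIGHTS = {"unexpected-access": 3, "onward-disclosure": 3,
           "inference": 2, "retention": 1}


def walk(goal: Goal) -> Iterator[Goal]:
    """Depth-first traversal of the dependency hierarchy, parent first."""
    yield goal
    for sub in goal.subgoals:
        yield from walk(sub)


def find_vulnerabilities(root: Goal) -> list[Vulnerability]:
    """Design analysis: derive candidate vulnerabilities from the answers.
    The heuristics are this example's; STRAP leaves the judgement to the analyst."""
    found: list[Vulnerability] = []
    for g in walk(root):
        if not g.captured:
            continue
        for actor in sorted(g.accessed_by - g.actors):      # Q2
            found.append(Vulnerability(g.name, "unexpected-access",
                                       f"{actor} is not a party to the goal"))
        for fact in sorted(g.derived - g.captured):        # Q3
            found.append(Vulnerability(g.name, "inference", f"derives '{fact}'"))
        if g.afterward == "retained":                      # Q4
            found.append(Vulnerability(g.name, "retention", "kept after the goal is met"))
        elif g.afterward == "shared":
            found.append(Vulnerability(g.name, "onward-disclosure", "passed to a further party"))
    return found


def refine(vulns: list[Vulnerability], decisions: dict) -> list[Vulnerability]:
    """Design refinement: decisions maps (goal, kind) to (disposition, assumption).
    Items without a recorded decision stay open, so nothing is silently dropped."""
    for v in vulns:
        if (v.goal, v.kind) in decisions:
            v.disposition, v.assumption = decisions[(v.goal, v.kind)]
    return vulns


def privacy_impact(vulns: list[Vulnerability]) -> float:
    """Open items count in full, mitigated ones at half weight (a mitigation such
    as encryption at rest narrows the exposure but does not remove it), eliminated
    ones at zero."""
    factor = {"open": 1.0, "mitigated": 0.5, "eliminated": 0.0}
    return sum(WEIGHTS[v.kind] * factor[v.disposition] for v in vulns)


def choose_design(alternatives: dict) -> tuple[str, dict]:
    """Evaluation: alternatives maps a name to (root goal, decisions); returns the
    lowest-impact alternative and every alternative's score."""
    scores = {name: privacy_impact(refine(find_vulnerabilities(root), dec))
              for name, (root, dec) in alternatives.items()}
    return min(scores, key=scores.get), scores


# Constructed scenario (hypothetical): a meeting-room booking system in which
# bookings are kept for recurring meetings and a facilities team wants reports.
MITIGATE_ROOT = {("book a room", "retention"):
                 ("mitigated", "bookings encrypted at rest; key held only by the booking service")}


def design_a():
    """Utilisation reports read the raw bookings and keep them indefinitely."""
    root = Goal("book a room", {"employee", "booking service"}, {"booking"},
                {"employee", "booking service"}, set(), "retained", [
        Goal("report room utilisation", {"facilities"}, {"booking"},
             {"facilities"}, {"who meets whom"}, "retained")])
    return root, MITIGATE_ROOT


def design_b():
    """Utilisation reports see only hourly occupancy counts, deleted after use."""
    root = Goal("book a room", {"employee", "booking service"}, {"booking"},
                {"employee", "booking service"}, set(), "retained", [
        Goal("report room utilisation", {"facilities"}, {"occupancy count"},
             {"facilities"}, set(), "deleted")])
    return root, MITIGATE_ROOT


if __name__ == "__main__":
    best, scores = choose_design({"A": design_a(), "B": design_b()})
    print(scores, "->", best)
```

The iteration step is exercised by appending a new subgoal to an existing tree and re-running find_vulnerabilities: a feature that hands raw bookings to an outside party shows up as both an unexpected-access and an onward-disclosure item, and because refine leaves undecided items open, the new exposure raises the design's score until a decision and its assumption are recorded.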
References:
C. Jensen, J. Tullio, C. Potts, and E. D. Mynatt, “STRAP: A Structured Analysis Framework for Privacy,” 2005.