S&P2025

SoK: A Framework and Guide for Human-Centered Threat Modeling in Security and Privacy Research

Warda Usman, Daniel Zappala

Abstract

Human-centered threat modeling is a practice that researchers use to identify security and privacy threats to people, as well as ways to mitigate those threats. Often this may be the first step toward understanding the security and privacy needs, perspectives, experiences, and practices of a group or community, so that researchers can learn how to better improve their overall safety. However, research in this area is relatively ad hoc as compared to the more well-developed field of threat modeling for systems, leading to a fragmented and incomplete understanding of how researchers should engage in this endeavor. The goal of this work is to systematize the practice of human-centered threat modeling, identifying the core components of a human-centered threat modeling exercise by studying the practices of researchers in the area. We gathered a corpus of 78 papers in this area, using qualitative analysis to understand the practices used by researchers to elicit a threat model. Our results include a framework for human-centered threat modeling, a guide for using the framework that is grounded in best practices, and a description of how human-centered threat modeling differs from systems threat modeling. Our work can be used to guide new and experienced researchers in the field as they work to center human safety in their practices.