SecAppDev 2025 lecture details
Threat Modeling for Intimate Partner Abuse
Most developers don't think of protection against domestic abusers as part of a product's security and they should.
Monday June 2rd, 09:15 - 10:30
Room Lemaire
Abstract
An abuser who knows you intimately, knows your family and friends, and may have physical access to your home and devices is one of the most difficult attackers to thwart in the world of digital privacy and security. A determined abuser has all of the persistence, ingenuity, and patience of an APT. This talk will discuss some of the tools that abusers use to stalk, spy on, and harass their victims, the ways in which the use of those tools can be detected or stopped, and how we can build better products and platforms that are resistant to being used for abuse.
Key takeaway
The intimate partner abuse threat model is different other models in important and unexpected ways.
Content level
Introductory
Target audience
Everyone
Prerequisites
None
Join us for SecAppDev. You will not regret it!
Grab your seat now
Eva Galperin
Director of Cybersecurity, Electronic Frontier Foundation
Expertise: Security and privacy for vulnerable populations
Join us for SecAppDev. You will not regret it!
Grab your seat nowRelated lectures
Get out of your Bubble: Collaborative Threat Modeling
Deep-dive lecture by Avi Douglen in room Lemaire
Tuesday June 3th, 16:00 - 17:30
Threat modeling by yourself is great - noone is there to tell you you're wrong. But if you want to discover nontrivial issues, the ones you'd not have on your checklist, you'll need to engage with others. But too often we chase them away.
Key takeaway: Threat modeling is not JUST a technical activity, and should intentionally leverage social techniques to maximize stakeholders participation.
The Engineer’s Guide to Data Privacy
Deep-dive lecture by Vera Rimmer in room Lemaire
Wednesday June 4th, 14:00 - 15:30
In this session we will walk through the engineer’s toolbox for protecting different types of data against common privacy threats. The talk is informed by existing practical tools as well as by modern research on data privacy.
Key takeaway: Privacy is an engineering responsibility, not only a legal or design issue. Privacy-preserving techniques are accessible and implementable today.
Continuous Threat Modeling: Let Developers Figure It Out
Deep-dive lecture by Izar Tarandach in room West Wing
Monday June 2rd, 14:00 - 15:30
Continuous Threat Modeling for Developers. They're creating the problems, let them create the solution! No, really - enable them to see the security value of the stories they work on, what could go wrong, and what to do about them.
Key takeaway: Threat Modeling should not be a one-shot-and-done activity by security experts. It needs to be continuous, at the developer level.