[Context and motivation] The well-established Data Flow Diagrams (DFDs) have proven their value in the field of security and privacy for the realization of processes in models. However, the time and resources required to model the system with DFD, could slow down security and privacy threat analysis. [Question/problem] Despite the fact that information required for drawing DFD is available in the textual requirement such as user stories, the current approach to modeling the system using DFD is still done by form/questionnaires or manually drawing the diagram. [Principal ideas/results] This study proposes a natural language processing (NLP) model that generates DFD automatically from well-formed user stories. We also detect the presence of personal data in user stories by employing Named Entity Recognition, which allows the personal data to be highlighted in DFD. Our preliminary results show that our model can automatically generate a DFD that highlights the presence of personal data. Finally, the DFD could be expanded to a Privacy-Aware DFD, which incorporates privacy checks into the DFD. [Contribution] This is the first attempt at automatically transforming user stories into DFD using an NLP approach. The automatic approach may alleviate the burden placed on privacy analysts during the initial stages of threat modeling or eliciting privacy requirements.

Top