Abstract

As researchers increasingly seek to understand threats faced by people rather than systems, there remains little consensus on how to study these threats in ways that are grounded in human experience. Traditional approaches to threat modeling are often designed for system vulnerabilities and offer limited guidance for eliciting or analyzing threats as understood by individuals in their social and cultural contexts. This dissertation addresses this gap by advancing human-centered threat modeling (HCTM) in security and privacy research as both a conceptual framework and through a set of empirical studies. The dissertation employs a mixed set of qualitative methods across four studies: a systematization of knowledge that analyzes 78 papers on HCTM in security and privacy research; an interview study with 24 researchers to surface how they practice HCTM work; and two empirical studies applying the framework and insights from the first two studies, one with Pakistani immigrants in the United States and another with young adults in Pakistan on their experiences of harassment. Across these studies, the dissertation shows that human threat models are shaped by a range of contextual factors, including cultural norms, intergenerational relationships, institutional trust, and local meanings of privacy, harm, and protection. The work also finds that researchers bring specific values and goals to HCTM, which can at times conflict with institutional structures such as publication systems, funding priorities, or reviewer expectations, affecting how studies are designed and conducted. The dissertation contributes a structured framework for conducting HCTM, and identifies opportunities for future work to strengthen the field through clearer methodological guidance, more inclusive and context-sensitive research, and sustained engagement with the communities researchers aim to support.

Degree

PhD

College and Department

Computational, Mathematical, and Physical Sciences; Computer Science

Rights

https://lib.byu.edu/about/copyright/