
Building a Privacy Testbed: Use Cases and Design Considerations

  • Conference paper
Computer Security. ESORICS 2021 International Workshops (ESORICS 2021)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 13106)

Abstract

Mobile application (app) developers are often ill-equipped to understand the privacy implications of their products and services, especially with the common practice of using third-party libraries to provide critical functionality. To add to the complexity, most mobile applications interact with the “cloud”—not only the platform provider’s ecosystem (such as Apple or Google) but also with third-party servers (as a consequence of library use). This presents a hazy view of the privacy impact for a particular app. Therefore, we take a significant step to address this challenge and propose a testbed with the ability to systematically evaluate and understand the privacy behavior of client-server applications in a network environment across a large number of hosts. We reflect on our experiences of successfully deploying two mass-market applications on the initial versions of our proposed testbed. Standardization across cloud implementations and exposed endpoints of closed-source binaries are key for transparent evaluation of privacy features.

Corresponding author

Correspondence to Partha Das Chowdhury.

Copyright information

© 2022 Springer Nature Switzerland AG

Cite this paper

Gardiner, J., Das Chowdhury, P., Halsey, J., Tahaei, M., Elahi, T., Rashid, A. (2022). Building a Privacy Testbed: Use Cases and Design Considerations. In: Katsikas, S., et al. Computer Security. ESORICS 2021 International Workshops. ESORICS 2021. Lecture Notes in Computer Science, vol 13106. Springer, Cham. https://doi.org/10.1007/978-3-030-95484-0_12

  • DOI: https://doi.org/10.1007/978-3-030-95484-0_12

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-95483-3

  • Online ISBN: 978-3-030-95484-0

  • eBook Packages: Computer Science, Computer Science (R0)
