Developing a Strategy for Automated Privacy Testing Suites

  • Ioannis Agrafiotis
  • Sadie Creese
  • Michael Goldsmith
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 375)


This paper describes a strategy to develop automated privacy testing suites to assess the correctness of consent and revocation (C&R) controls offered to users by an EnCoRe system. This strategy is based on a formal language in order to provide rigorous and unambiguous consent and revocation specifications, and comprises of two novel procedures that facilitate the process of eliciting testing requirements for privacy properties and creating automated privacy-testing suites. We demonstrate the effectiveness of the strategy by describing our application of the method to a realistic case study, although space limitations preclude a complete presentation.


Cloud Computing Personal Data Test Suite Formal Language None None 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Agrafiotis, I., Creese, S., Goldsmith, M., Papanikolaou, N.: Reaching for Informed Revocation: Shutting Off the Tap on Personal Data. In: Bezzi, M., Duquenoy, P., Fischer-Hübner, S., Hansen, M., Zhang, G. (eds.) Privacy and Identity. IFIP AICT, vol. 320, pp. 246–258. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  2. 2.
    Agrafiotis, I., Creese, S., Goldsmith, M., Papanikolaou, N.: Applying Formal Methods to Detect and Resolve Ambiguities in Privacy Requirements. In: Fischer-Hübner, S., Duquenoy, P., Hansen, M., Leenes, R., Zhang, G. (eds.) Privacy and Identity Management for Life. IFIP AICT, vol. 352, pp. 271–282. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  3. 3.
    Armando, A., Carbone, R., Compagna, L., Li, K., Pellegrino, G.: Model-checking driven security testing of web-based applications. In: Third International Conference on Software Testing, Verification, and Validation Workshops (ICSTW), pp. 361–370. IEEE (2010)Google Scholar
  4. 4.
    Mont, M.C., Pearson, S., Kounga, G., Shen, Y., Bramhall, P.: Privacy and identity management in europe: overview of existing assurance methods in the area of privacy and IT Security. Technical report, HP Labs, Bristol (2004)Google Scholar
  5. 5.
  6. 6.
    Fernandez, J.C., Jard, C., Jéron, T., Viho, C.: An experiment in automatic generation of test suites for protocols with verification technology. Science of Computer Programming 29(1-2), 123–146 (1997)CrossRefGoogle Scholar
  7. 7.
    British Computer Society Specialist Interest Group in Software Testing (BCS SIGIST). Standard for software component testing. Technical report, British Computer Society, Working Draft 3.4 (2001)Google Scholar
  8. 8.
    Westin, A.F.: Privacy and freedom, London, vol. 97 (1967)Google Scholar
  9. 9.
    Whitley, E.A.: Information privacy consent and the ‘control’ of personal data. Inform. Secur. Tech. Rep. (2009), doi:10.1016/j.istr.2009.10.001Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2012

Authors and Affiliations

  • Ioannis Agrafiotis
    • 1
  • Sadie Creese
    • 1
  • Michael Goldsmith
    • 1
  1. 1.Department of Computer ScienceUniversity of OxfordOxfordEngland

Personalised recommendations