A Test Framework for Assessing Effectiveness of the Data Privacy Policy's Implementation into Relational Databases

Abstract

The growing migration of business transactions toward the web made data privacy a critical issue to cope with. Many technologies have been proposed in order to preserve sensitive data from illegal disclosure, also known as Privacy Enhancing Technology (PET). Unfortunately, under certain conditions, sensitive data could be obtained by leveraging different malicious mechanisms which exploit actions permitted to the user. Thus, it is needed to face the problem also at the system design level, and not only by integrating a specific PET into the final system.We propose a framework for testing the software system’s capability of respecting established data privacy policy. Our test framework aims at detecting the sequence of legal actions which could allow a user to breach the mechanisms for preserving data privacy. The test output helps designers to properly modify those usage scenarios which could compromise data privacy. Experimentation has been carried out in order to make a preliminary assessment of the method