Testing privacy policies using models

Date of this Version


Document Type

Conference Paper

Publication Details

Interim status: Citation only.

Pari-Salas, P.A. & Krishnan, P. (2008). Testing privacy policies using models. Paper presented at the 2008 Sixth Institute of Electrical and Electronics Engineers (IEEE) International Conference on Software Engineering and Formal Methods, Cape Town, South Africa.

Access the conference website.

2008 HERDC submission. FoR: 0801

© Copyright The Institute of Electrical and Electronics Engineers, Inc., 2008


Privacy policies are usually expressed at a high level using languages such as P3P, EPAL, which are independent of applications. To check if a system satisfies a privacy policy requires to link it with the behaviour of the system and its environment. We propose a framework which is based on models to support the automation of testing if a software system meets a policy. In our framework, policies and system's behaviour are expressed using formal models. These formal models are then combined and used to derive test cases. The main advantage of this approach is the automation of the testing process. We demonstrate its applicability via two examples.

This document is currently not available here.



This document has been peer reviewed.