Abstract
To meet the strict requirements and rules imposed by the GDPR, ICT systems are currently adopting different means for managing personal data. However, due to their critical role, effective and efficient validation methods should be applied, taking into account the peculiarities of the reference legal framework (i.e., the GDPR). In this paper, we present GROOT, a generic combinatorial testing methodology specifically conceived for assessing GDPR compliance, and its contextualization in the access control domain.
Acknowledgement
This work is partially supported by the project BIECO H2020 Grant Agreement No. 952702, and by CyberSec4Europe H2020 Grant Agreement No. 830929.
Copyright information
© 2022 IFIP International Federation for Information Processing
About this paper
Cite this paper
Daoudagh, S., Marchetti, E. (2022). GROOT: A GDPR-Based Combinatorial Testing Approach. In: Clark, D., Menendez, H., Cavalli, A.R. (eds) Testing Software and Systems. ICTSS 2021. Lecture Notes in Computer Science, vol 13045. Springer, Cham. https://doi.org/10.1007/978-3-031-04673-5_17
DOI: https://doi.org/10.1007/978-3-031-04673-5_17
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-04672-8
Online ISBN: 978-3-031-04673-5
eBook Packages: Computer Science, Computer Science (R0)