Testing software in age of data privacy: A balancing act

Kunal Taneja, Mark Grechanik, Rayid Ghani, Tao Xie

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Database-centric applications (DCAs) are common in enterprise computing, and they use nontrivial databases. Testing of DCAs is increasingly outsourced to test centers in order to achieve lower cost and higher quality. When proprietary DCAs are released, their databases should also be made available to test engineers. However, different data privacy laws prevent organizations from sharing this data with test centers because databases contain sensitive information. Currently, testing is performed with anonymized data, which often leads to worse test coverage (such as code coverage) and fewer uncovered faults, thereby reducing the quality of DCAs and obliterating benefits of test outsourcing. To address this issue, we offer a novel approach that combines program analysis with a new data privacy framework that we design to address constraints of software testing. With our approach, organizations can balance the level of privacy with needs of testing. We have built a tool for our approach and applied it to nontrivial Java DCAs. Our results show that test coverage can be preserved at a higher level by anonymizing data based on their effect on corresponding DCAs.

Original languageEnglish (US)
Title of host publicationSIGSOFT/FSE'11 - Proceedings of the 19th ACM SIGSOFT Symposium on Foundations of Software Engineering
Pages201-211
Number of pages11
DOIs
StatePublished - Sep 30 2011
Externally publishedYes
Event19th ACM SIGSOFT Symposium on Foundations of Software Engineering, SIGSOFT/FSE'11 - Szeged, Hungary
Duration: Sep 5 2011Sep 9 2011

Publication series

NameSIGSOFT/FSE 2011 - Proceedings of the 19th ACM SIGSOFT Symposium on Foundations of Software Engineering

Other

Other19th ACM SIGSOFT Symposium on Foundations of Software Engineering, SIGSOFT/FSE'11
CountryHungary
CitySzeged
Period9/5/119/9/11

    Fingerprint

Keywords

  • Data anonymity
  • PRIEST
  • Privacy framework
  • Software testing
  • Utility

ASJC Scopus subject areas

  • Software

Cite this

Taneja, K., Grechanik, M., Ghani, R., & Xie, T. (2011). Testing software in age of data privacy: A balancing act. In SIGSOFT/FSE'11 - Proceedings of the 19th ACM SIGSOFT Symposium on Foundations of Software Engineering (pp. 201-211). (SIGSOFT/FSE 2011 - Proceedings of the 19th ACM SIGSOFT Symposium on Foundations of Software Engineering). https://doi.org/10.1145/2025113.2025143