Information Exposure (IEX): A New Class in the Bugs Framework (BF)
Date
2019-07-09
Citation of Original Publication
I. Bojanova, Y. Yesha, P. E. Black and Y. Wu, "Information Exposure (IEX): A New Class in the Bugs Framework (BF)," 2019 IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC), Milwaukee, WI, USA, 2019, pp. 559-564. doi: 10.1109/COMPSAC.2019.00086
Rights
This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author.
Public Domain Mark 1.0
This work was written as part of one of the author's official duties as an Employee of the United States Government and is therefore a work of the United States Government.
Abstract
Exposure of sensitive information can be harmful on its own. In addition, it could enable further attacks. A rigorous and unambiguous definition of information exposure faults can help researchers and practitioners identify them, thus avoiding security failures. This paper describes Information Exposure (IEX), a new class in the Bugs Framework (BF). The IEX class comprises a rigorous definition and (static) attributes of the class, along with their related dynamic properties, such as proximate and secondary causes, consequences and sites. We use the IEX class to analyze specific vulnerabilities and provide clear descriptions. We also discuss lessons we learned that will help create additional BF classes.