Show simple item record

dc.contributor.authorBojanova, Irena
dc.contributor.authorYesha, Yaacov
dc.contributor.authorBlack, Paul E.
dc.contributor.authorWu, Yan
dc.date.accessioned2019-10-04T14:29:00Z
dc.date.available2019-10-04T14:29:00Z
dc.date.issued2019-07-09
dc.description2019 IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC)en_US
dc.description.abstractExposure of sensitive information can be harmful on its own. In addition, it could enable further attacks. A rigorous and unambiguous definition of information exposure faults can help researchers and practitioners identify them, thus avoiding security failures. This paper describes Information Exposure (IEX), a new class in the Bugs Framework (BF). The IEX class comprises a rigorous definition and (static) attributes of the class, along with their related dynamic properties, such as proximate and secondary causes, consequences and sites. We use the IEX class to analyze specific vulnerabilities and provide clear descriptions. We also discuss lessons we learned that will help create additional BF classesen_US
dc.format.extent6 pagesen_US
dc.genreconference papers and proceedingsen_US
dc.identifierdoi:10.13016/m2hqiw-pdky
dc.identifier.citationI. Bojanova, Y. Yesha, P. E. Black and Y. Wu, "Information Exposure (IEX): A New Class in the Bugs Framework (BF)," 2019 IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC), Milwaukee, WI, USA, 2019, pp. 559-564. doi: 10.1109/COMPSAC.2019.00086en_US
dc.identifier.urihttps://doi.org/10.1109/COMPSAC.2019.00086
dc.identifier.urihttp://hdl.handle.net/11603/14972
dc.language.isoen_USen_US
dc.publisherIEEEen_US
dc.relation.isAvailableAtThe University of Maryland, Baltimore County (UMBC)
dc.relation.ispartofUMBC Computer Science and Electrical Engineering Department Collection
dc.relation.ispartofUMBC Faculty Collection
dc.rightsThis item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author.
dc.rightsPublic Domain Mark 1.0*
dc.rightsThis work was written as part of one of the author's official duties as an Employee of the United States Government and is therefore a work of the United States Government
dc.rights.urihttp://creativecommons.org/publicdomain/mark/1.0/*
dc.subjectsensitive informationen_US
dc.subjectinformation exposureen_US
dc.subjectinformation leakageen_US
dc.subjectsoftware weaknessesen_US
dc.subjectbug taxonomyen_US
dc.subjectattacksen_US
dc.titleInformation Exposure (IEX): A New Class in the Bugs Framework (BF)en_US
dc.typeTexten_US


Files in this item

Thumbnail
Thumbnail

This item appears in the following Collection(s)

Show simple item record

This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author.
Except where otherwise noted, this item's license is described as This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author.