Information Exposure (IEX): A New Class in the Bugs Framework (BF)
dc.contributor.author | Bojanova, Irena | |
dc.contributor.author | Yesha, Yaacov | |
dc.contributor.author | Black, Paul E. | |
dc.contributor.author | Wu, Yan | |
dc.date.accessioned | 2019-10-04T14:29:00Z | |
dc.date.available | 2019-10-04T14:29:00Z | |
dc.date.issued | 2019-07-09 | |
dc.description | 2019 IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC) | en_US |
dc.description.abstract | Exposure of sensitive information can be harmful on its own. In addition, it could enable further attacks. A rigorous and unambiguous definition of information exposure faults can help researchers and practitioners identify them, thus avoiding security failures. This paper describes Information Exposure (IEX), a new class in the Bugs Framework (BF). The IEX class comprises a rigorous definition and (static) attributes of the class, along with their related dynamic properties, such as proximate and secondary causes, consequences and sites. We use the IEX class to analyze specific vulnerabilities and provide clear descriptions. We also discuss lessons we learned that will help create additional BF classes. | en_US |
dc.format.extent | 6 pages | en_US |
dc.genre | conference papers and proceedings | en_US |
dc.identifier | doi:10.13016/m2hqiw-pdky | |
dc.identifier.citation | I. Bojanova, Y. Yesha, P. E. Black and Y. Wu, "Information Exposure (IEX): A New Class in the Bugs Framework (BF)," 2019 IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC), Milwaukee, WI, USA, 2019, pp. 559-564. doi: 10.1109/COMPSAC.2019.00086 | en_US |
dc.identifier.uri | https://doi.org/10.1109/COMPSAC.2019.00086 | |
dc.identifier.uri | http://hdl.handle.net/11603/14972 | |
dc.language.iso | en_US | en_US |
dc.publisher | IEEE | en_US |
dc.relation.isAvailableAt | The University of Maryland, Baltimore County (UMBC) | |
dc.relation.ispartof | UMBC Computer Science and Electrical Engineering Department Collection | |
dc.relation.ispartof | UMBC Faculty Collection | |
dc.rights | This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author. | |
dc.rights | Public Domain Mark 1.0 | * |
dc.rights | This work was written as part of one of the author's official duties as an Employee of the United States Government and is therefore a work of the United States Government | |
dc.rights.uri | http://creativecommons.org/publicdomain/mark/1.0/ | * |
dc.subject | sensitive information | en_US |
dc.subject | information exposure | en_US |
dc.subject | information leakage | en_US |
dc.subject | software weaknesses | en_US |
dc.subject | bug taxonomy | en_US |
dc.subject | attacks | en_US |
dc.title | Information Exposure (IEX): A New Class in the Bugs Framework (BF) | en_US |
dc.type | Text | en_US |