Information Exposure (IEX): A New Class in the Bugs Framework (BF)

Published

Author(s)

Irena Bojanova, Yaacov Yesha, Paul E. Black, Yan Wu

Abstract

Exposure of sensitive information can be harmful on its own and in addition could enable further attacks. A rigorous and unambiguous definition of information exposure faults can help researchers and practitioners identify them, thus avoiding security failures. This paper describes Information Exposure (IEX), a new class in the Bugs Framework (BF). The BF comprises rigorous definitions and (static) attributes of fault classes, along with their related dynamic properties, such as proximate and secondary causes, consequences and sites. We use this new BF class to analyze specific vulnerabilities and provide clear descriptions. We also discuss lessons we learned that will help create additional BF classes.
Proceedings Title
2019 IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC)
Conference Dates
July 15-19, 2019
Conference Location
Milwaukee, WI, US

Keywords

sensitive information, information exposure, information leakage, software weaknesses, bug taxonomy, attacks

Citation

Bojanova, I., Yesha, Y., Black, P. and Wu, Y. (2019), Information Exposure (IEX): A New Class in the Bugs Framework (BF), 2019 IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC), Milwaukee, WI, US, [online], https://doi.org/10.1109/COMPSAC.2019.00086, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=927491 (Accessed January 17, 2022)
Created July 9, 2019, Updated January 10, 2022