Bojanova, I.
, Yesha, Y.
, Black, P.
and Wu, Y.
(2019),
Information Exposure (IEX): A New Class in the Bugs Framework (BF), 2019 IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC), Milwaukee, WI, US, [online], https://doi.org/10.1109/COMPSAC.2019.00086, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=927491
(Accessed April 18, 2024)
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Information Exposure (IEX): A New Class in the Bugs Framework (BF)
Published
Author(s)
, Yaacov Yesha, , Yan Wu
Abstract
Exposure of sensitive information can be harmful on its own and in addition could enable further attacks. A rigorous and unambiguous definition of information exposure faults can help researchers and practitioners identify them, thus avoiding security failures. This paper describes Information Exposure (IEX), a new class in the Bugs Framework (BF). The BF comprises rigorous definitions and (static) attributes of fault classes, along with their related dynamic properties, such as proximate and secondary causes, consequences and sites. We use this new BF class to analyze specific vulnerabilities and provide clear descriptions. We also discuss lessons we learned that will help create additional BF classes.Proceedings Title
2019 IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC)
Conference Dates
July 15-19, 2019
Conference Location
Milwaukee, WI, US
Pub Type
Conferences
Download Paper
Keywords
sensitive information, information exposure, information leakage, software weaknesses, bug taxonomy, attacks
Citation
Created July 9, 2019, Updated January 10, 2022