Information Exposure (IEX) Class in the Bugs Framework (BF)


Exposure of sensitive information can be harmful on its own and can also enable further attacks. A rigorous and unambiguous definition of information exposure faults can help researchers and practitioners identify them, thus avoiding security failures. This poster describes Information Exposure (IEX), a new class in the Bugs Framework (BF). BF comprises rigorous definitions and (static) attributes of fault classes, along with their related dynamic properties, such as proximate and secondary causes, consequences, and sites. We use this new BF class to analyze specific vulnerabilities and provide clear descriptions.

Irena Bojanova is the Project Lead of the NIST Bugs Framework (BF). Previously she was a program chair at UMUC, an academic director at JHU-CTY, and a co-founder of OBS Ltd. (now CSC Bulgaria). She earned her Ph.D. in Mathematics/Computer Science from the Bulgarian Academy of Sciences in 1991. Irena serves as EIC of IEEE IT Professional magazine, co-chair of IEEE RS IoT TC, and founding member of IEEE TSC on Big Data. She was the founding chair of IEEE CS Cloud Computing STC, EIC of IEEE Transactions on Cloud Computing, Committee on Integrity Chair, and a Member at Large of IEEE CS Publications Board.

Paul E. Black has nearly 20 years of industrial experience in developing software for IC design and verification, assuring software quality, and managing business data processing. He is the founder and editor of the Dictionary of Algorithms and Data Structures (https://www.nist.gov/dads/). Black earned a Ph.D. from Brigham Young University in 1998. He taught classes at Brigham Young University and Johns Hopkins University. He has published in static analysis, software testing, networks and queuing analysis, formal methods, software verification, quantum computing, and computer forensics. He is a member of ACM and a senior member of IEEE.

License: CC-2.5