Visually Identifying Potential Sensitive Information Leaks in Access-Controlled Data Services

2019 IEEE/ACM 41st International Conference on Software Engineering: Companion Proceedings (ICSE-Companion) Pub Date : 2019-05-25 DOI:10.1109/ICSE-Companion.2019.00057

Kalvin Eng

{"title":"Visually Identifying Potential Sensitive Information Leaks in Access-Controlled Data Services","authors":"Kalvin Eng","doi":"10.1109/ICSE-Companion.2019.00057","DOIUrl":null,"url":null,"abstract":"We present a novel visual-inspection methodology that relies on formal concept analysis to help developers ensure that only needed parts of sensitive information are released to authorized users in an access control model. The first step involves the annotation of the to-be-exposed data using a domain-specific ontology, which includes sensitivity attributes at a meta-level for its elements. During the role-creation step, roles are assigned privileges in the form of queries that access different parts of the data. The resulting set of roles, each associated with its own set of queries, is represented in a roles-permissions matrix and transformed into a graphical concept lattice. The lattice can be analyzed and inspected for deficiencies in the access-control model, based on the data sensitivity attributes. We hypothesize that visualizing concept lattices are useful when creating access-control models to manage data access so that the unauthorized access to sensitive and private information is curtailed.","PeriodicalId":273100,"journal":{"name":"2019 IEEE/ACM 41st International Conference on Software Engineering: Companion Proceedings (ICSE-Companion)","volume":"15 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-05-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 IEEE/ACM 41st International Conference on Software Engineering: Companion Proceedings (ICSE-Companion)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICSE-Companion.2019.00057","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

We present a novel visual-inspection methodology that relies on formal concept analysis to help developers ensure that only needed parts of sensitive information are released to authorized users in an access control model. The first step involves the annotation of the to-be-exposed data using a domain-specific ontology, which includes sensitivity attributes at a meta-level for its elements. During the role-creation step, roles are assigned privileges in the form of queries that access different parts of the data. The resulting set of roles, each associated with its own set of queries, is represented in a roles-permissions matrix and transformed into a graphical concept lattice. The lattice can be analyzed and inspected for deficiencies in the access-control model, based on the data sensitivity attributes. We hypothesize that visualizing concept lattices are useful when creating access-control models to manage data access so that the unauthorized access to sensitive and private information is curtailed.

查看原文本刊更多论文

可视化识别访问控制数据服务中潜在的敏感信息泄漏

我们提出了一种新的视觉检查方法，该方法依赖于形式概念分析，以帮助开发人员确保在访问控制模型中仅向授权用户发布敏感信息的必要部分。第一步涉及使用特定于领域的本体对要公开的数据进行注释，该本体包括元级别元素的敏感性属性。在角色创建步骤中，以查询的形式为角色分配特权，以访问数据的不同部分。生成的角色集(每个角色都与自己的查询集相关联)用角色-权限矩阵表示，并转换为图形概念格。基于数据敏感性属性，可以分析和检查访问控制模型中的缺陷。我们假设可视化的概念格在创建访问控制模型来管理数据访问时是有用的，这样可以减少对敏感和私有信息的未经授权的访问。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2019 IEEE/ACM 41st International Conference on Software Engineering: Companion Proceedings (ICSE-Companion)

自引率

0.00%

发文量