{"title":"Visually Identifying Potential Sensitive Information Leaks in Access-Controlled Data Services","authors":"Kalvin Eng","doi":"10.1109/ICSE-Companion.2019.00057","DOIUrl":null,"url":null,"abstract":"We present a novel visual-inspection methodology that relies on formal concept analysis to help developers ensure that only needed parts of sensitive information are released to authorized users in an access-control model. The first step involves the annotation of the to-be-exposed data using a domain-specific ontology, which includes sensitivity attributes at a meta-level for its elements. During the role-creation step, roles are assigned privileges in the form of queries that access different parts of the data. The resulting set of roles, each associated with its own set of queries, is represented in a roles-permissions matrix and transformed into a graphical concept lattice. The lattice can be analyzed and inspected for deficiencies in the access-control model, based on the data sensitivity attributes. We hypothesize that visualizing concept lattices is useful when creating access-control models to manage data access so that unauthorized access to sensitive and private information is curtailed.","PeriodicalId":273100,"journal":{"name":"2019 IEEE/ACM 41st International Conference on Software Engineering: Companion Proceedings (ICSE-Companion)","volume":"15 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-05-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 IEEE/ACM 41st International Conference on Software Engineering: Companion Proceedings (ICSE-Companion)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICSE-Companion.2019.00057","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Visually Identifying Potential Sensitive Information Leaks in Access-Controlled Data Services
We present a novel visual-inspection methodology that relies on formal concept analysis to help developers ensure that only needed parts of sensitive information are released to authorized users in an access-control model. The first step involves the annotation of the to-be-exposed data using a domain-specific ontology, which includes sensitivity attributes at a meta-level for its elements. During the role-creation step, roles are assigned privileges in the form of queries that access different parts of the data. The resulting set of roles, each associated with its own set of queries, is represented in a roles-permissions matrix and transformed into a graphical concept lattice. The lattice can be analyzed and inspected for deficiencies in the access-control model, based on the data sensitivity attributes. We hypothesize that visualizing concept lattices is useful when creating access-control models to manage data access so that unauthorized access to sensitive and private information is curtailed.