Abstract:
Application software needs to use sensitive information to build up the authentication between client and server, so how to measure the security or sensitivity of sensitive information during processing is an open issue. According to the procedure of sensitive information processing and context of its occurrence, inherent property, variable property and inferenced property have been defined, the mapping rules from these properties to data operations have been designed, and a method of sensitivity calculation based on AHP (analytic hierarchy process) and TOPSIS (technique for order preference by similarity to an ideal solution) has been proposed. This method can demonstrate dynamic changes of sensitivities among sensitive information processing to support security prevention against information leakage and attacks, and can be applied to security analysis and trust measure of trustworthy software on sensitive information. Finally, experimental results demonstrate that this method can describe sensitivity changes among sensitive information processing, and discover the potentially dangerous points in this processing, so its effectivity has been verified.