Command Line Interface Risk Modeling
Dr Anthony L. Faulds
TL;DR
This paper introduces a machine-learning approach to automatically identify and redact sensitive data in command-line interfaces, enhancing security without relying solely on privileged personnel.
Contribution
It presents a novel machine-learning model tailored for Azure PowerShell to detect and mask sensitive information, extending applicability to other CLI tools and APIs.
Findings
Effective masking of sensitive data demonstrated using F5-score.
Various transformation techniques improve detection accuracy.
Model applicable to multiple command-line interfaces and APIs.
Abstract
Protecting sensitive data is an essential part of security in cloud computing. However, only specific privileged individuals have access to view or interact with this data; therefore, it is unscalable to depend on these individuals also to maintain the software. A solution to this is to allow non-privileged individuals access to maintain these systems but mask sensitive information from egressing. To this end, we have created a machine-learning model to predict and redact fields with sensitive data. This work concentrates on Azure PowerShell, showing how it applies to other command-line interfaces and APIs. Using the F5-score as a weighted metric, we demonstrate different transformation techniques to map this problem from an unknown field to the well-researched area of natural language processing.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsInformation and Cyber Security · Network Security and Intrusion Detection · Digital and Cyber Forensics