• DocumentCode
    62870
  • Title

    Application-Screen Masking: A Hybrid Approach

  • Author

    Goldsteen, Abigail ; Kveler, Ksenya ; Domany, Tamar ; Gokhman, Igor ; Rozenberg, Boris ; Farkash, Ariel

  • Volume
    32
  • Issue
    4
  • fYear
    2015
  • fDate
    July-Aug. 2015
  • Firstpage
    40
  • Lastpage
    45
  • Abstract
    Large organizations often face difficult tradeoffs in balancing the need to share information with the need to safeguard sensitive data. A prominent way to deal with this tradeoff is on-the-fly screen masking of sensitive data in applications. A proposed hybrid approach for masking Web application screens combines the advantages of the context available at the presentation layer with the flexibility and low overhead of masking at the network layer. This solution can identify sensitive information in the visual context of the application screen and then automatically generate the masking rules to enforce at run time. This approach supports the creation of highly expressive masking rules, while keeping rule authoring easy and intuitive, resulting in an easy to use, effective system. This article is part of a special issue on Security and Privacy on the Web. The Web extra at https://youtu.be/4u2FLqjaIiI is a short demonstration of a proposed hybrid approach for masking Web application screens that combines the advantages of the context available at the presentation layer with the flexibility and low overhead of masking at the network layer. The second Web extra at https://youtu.be/-Hz3P_H0UnU is a full-length demonstration of a proposed hybrid approach for masking Web application screens that combines the advantages of the context available at the presentation layer with the flexibility and low overhead of masking at the network layer.
  • Keywords
    Internet; authorisation; data privacy; information management; Web application screens; application-screen masking; data privacy; data security; information sharing; network layer; presentation layer; rule authoring; sensitive data masking; Browsers; Computer security; Context modeling; HTML; Security; Software development; Software engineering; Visualization; Web services; Web applications; Web apps; Web privacy; Web security; context-based rules; data masking; screen masking; software development; software engineering;
  • fLanguage
    English
  • Journal_Title
    Software, IEEE
  • Publisher
    IEEE
  • ISSN
    0740-7459
  • Type

    jour

  • DOI
    10.1109/MS.2015.75
  • Filename
    7106392