A Policy Framework for Securing Cloud APIs by Combining Application Context with Generative AI
- Shriti Priya
- Julian James Stephen
- 2024
- ACSAC 2024
I am a research scientist at IBM T. J. Watson Research Center, NY. I am interested in building systems and models that solve real world problems without compromising security and privacy of data. I received my Ph.D. in Computer Science from Purdue University, IN. Projects I am most actively working on are summarized here.
## Identifying threats to sensitive data ##
Most entities today deal with sensitive data in one form or another. Sensitive data could be personal (customers, employees etc), confidential (trade secrets, intellectual properties etc) or in other forms. Understanding how these data interact with rest of the software and hardware ecosystem is critical to understand the associated exposures and risks.
Techniques required to identify and score threats to data and the granularity of information needed for such techniques to be effective is not well understood currently. We are exploring practical approaches that look at how data elements move (or flow) within modern application deployments to identify privacy threats. We are working on a scoring mechanism based on data flows, how flows intersect, centrality, and influence of these flows on other assets.
Selected talks and publications
Full list here