In this work, we extend language-based information-flow security analysis to the case of database applications embedding query languages. The analysis is performed by (i) computing an overapproximation of variables’ dependences, in the form of propositional formula, occurred up to each program point, (ii) checking the satisfiability on assigning truth values to variables, (iii) analyzing the application over a numerical abstract domain, and finally, (iv) enhancing the analysis using the reduced product of the propositional formulae domain and the numerical abstract domain.

Information Leakage Analysis of Database Query Languages

HALDER, RAJU;ZANIOLI, Matteo;CORTESI, Agostino
2014-01-01

Abstract

In this work, we extend language-based information-flow security analysis to the case of database applications embedding query languages. The analysis is performed by (i) computing an overapproximation of variables’ dependences, in the form of propositional formula, occurred up to each program point, (ii) checking the satisfiability on assigning truth values to variables, (iii) analyzing the application over a numerical abstract domain, and finally, (iv) enhancing the analysis using the reduced product of the propositional formulae domain and the numerical abstract domain.
2014
Proceedings of the 29th ACM Symposium on Applied Computing
4.1 Articolo in Atti di convegno
File in questo prodotto:
File Dimensione Formato  
DB_Leakage.pdf

non disponibili

Tipologia: Documento in Pre-print
Licenza: Accesso chiuso-personale
Dimensione 216.2 kB
Formato Adobe PDF
  Visualizza/Apri
216.2 kB Adobe PDF   Visualizza/Apri

I documenti in ARCA sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/10278/40732
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 11
  • ???jsp.display-item.citation.isi??? ND
social impact