In this work, we extend language-based information-flow security analysis to the case of database applications embedding query languages. The analysis is performed by (i) computing an overapproximation of variables’ dependences, in the form of propositional formula, occurred up to each program point, (ii) checking the satisfiability on assigning truth values to variables, (iii) analyzing the application over a numerical abstract domain, and finally, (iv) enhancing the analysis using the reduced product of the propositional formulae domain and the numerical abstract domain.

Information Leakage Analysis of Database Query Languages

HALDER, RAJU;ZANIOLI, Matteo;CORTESI, Agostino
2014

Abstract

In this work, we extend language-based information-flow security analysis to the case of database applications embedding query languages. The analysis is performed by (i) computing an overapproximation of variables’ dependences, in the form of propositional formula, occurred up to each program point, (ii) checking the satisfiability on assigning truth values to variables, (iii) analyzing the application over a numerical abstract domain, and finally, (iv) enhancing the analysis using the reduced product of the propositional formulae domain and the numerical abstract domain.
Proceedings of the 29th ACM Symposium on Applied Computing
File in questo prodotto:
File Dimensione Formato  
DB_Leakage.pdf

non disponibili

Tipologia: Documento in Pre-print
Licenza: Accesso chiuso-personale
Dimensione 216.2 kB
Formato Adobe PDF
216.2 kB Adobe PDF   Visualizza/Apri

I documenti in ARCA sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/10278/40732
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 9
  • ???jsp.display-item.citation.isi??? ND
social impact