Information-flow Analysis of Hibernate Query Languages

CORTESI, Agostino;
2014-01-01

Abstract

Hibernate Query Language (HQL) provides a framework for mapping object-oriented domain models to traditional relational databases. In this context, existing information leakage analyses cannot be applied directly, due to the presence and interaction of high-level application variables and SQL database attributes. The paper extends the Abstract Interpretation framework to properly deal with this challenging applicative scenario, by using the symbolic domain of positive propositional formulae to capture variable dependences affecting (directly or indirectly) the propagation of confidential data.
2014
Future Data and Security Engineering
Files in this item:

File: HQLleakage (1).pdf
Open Access from 01/01/2016
Type: Pre-print document
License: Closed access (personal)
Size: 446.59 kB
Format: Adobe PDF

Documents in ARCA are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/10278/43540
Citations
  • PMC ND
  • Scopus 5
  • ISI 3