Information leakage analysis of database query languages
作者: Raju Halder , Matteo Zanioli , Agostino Cortesi
关键词: Theoretical computer science 、 Satisfiability 、 Programming language 、 Computer science 、 Static analysis 、 Propositional formula 、 Embedding 、 Abstract interpretation 、 Truth value 、 Query language 、 Domain (software engineering)
摘要: In this work, we extend language-based information-flow security analysis to the case of database applications embedding query languages. The is performed by (i) computing an overapproximation variables' dependences, in form propositional formula, occurred up each program point, (ii) checking satisfiability on assigning truth values variables, (iii) analyzing application over a numerical abstract domain, and finally, (iv) enhancing using reduced product formulae domain domain.
core.ac.uk
sci-hub.se 参考文章(19)
Christian Hammer, Experiences with PDG-Based IFC Lecture Notes in Computer Science. pp. 44- 60 ,(2010) , 10.1007/978-3-642-11747-3_4
Geoffrey Smith, Principles of Secure Information Flow Analysis Advances in Information Security. pp. 291- 307 ,(2007) , 10.1007/978-0-387-44599-1_13
Matteo Zanioli, Agostino Cortesi, Information Leakage Analysis by Abstract Interpretation SOFSEM 2011: Theory and Practice of Computer Science. ,vol. 6543, pp. 545- 557 ,(2011) , 10.1007/978-3-642-18381-2_45
Andrei Sabelfeld, David Sands, Declassification: Dimensions and principles ieee computer security foundations symposium. ,vol. 17, pp. 517- 548 ,(2009) , 10.3233/JCS-2009-0352
Liqian Chen, Antoine Miné, Patrick Cousot, A Sound Floating-Point Polyhedra Abstract Domain Programming Languages and Systems. ,vol. 5356, pp. 3- 18 ,(2008) , 10.1007/978-3-540-89330-1_2
Raju Halder, Agostino Cortesi, Abstract interpretation of database query languages Computer Languages, Systems & Structures. ,vol. 38, pp. 123- 157 ,(2012) , 10.1016/J.CL.2011.10.004
Andreas Lochbihler, Gregor Snelting, On temporal path conditions in dependence graphs automated software engineering. ,vol. 16, pp. 263- 290 ,(2009) , 10.1007/S10515-009-0050-3
Francesco Logozzo, Class invariants as abstract interpretation of trace semantics Computer Languages, Systems & Structures. ,vol. 35, pp. 100- 142 ,(2009) , 10.1016/J.CL.2005.01.001
Salvador Cavadini, Secure slices of insecure programs computer and communications security. pp. 112- 122 ,(2008) , 10.1145/1368310.1368329
Bixin Li, Analyzing information-flow in java program based on slicing technique ACM Sigsoft Software Engineering Notes. ,vol. 27, pp. 98- 103 ,(2002) , 10.1145/571681.571683