Language-based Security Analysis of Database Applications

Author: Raju Halder

DOI: 10.1109/C3IT.2015.7060109

Abstract: In today's information-age, databases are at the heart of information systems. Unauthorized leakage of confidential database information, while computed by associated applications, may put the system at risk. Language-based flow analysis is a promising field of research to detect possible in any software So far, researchers pay little attention to the case of applications embedding languages. In this paper, we address the need proper data manipulation languages, and overview possible extension of language-based approaches to systems supporting back-end.
