Defining Abstract Semantics for Static Dependence Analysis of Relational Database Applications

@inproceedings{Jana2016DefiningAS,
  title={Defining Abstract Semantics for Static Dependence Analysis of Relational Database Applications},
  author={Angshuman Jana and Raju Halder},
  booktitle={ICISS},
  year={2016}
}
The dependence graph provides the basis for powerful programming tools that address a large number of software engineering activities, including security analysis. This paper proposes a semantics-based static dependence analysis framework for relational database applications based on the Abstract Interpretation theory. As database attributes differ from traditional imperative language variables, we define abstract semantics of database applications in the relational abstract domain. This allows to…
Extending Abstract Interpretation to Dependency Analysis of Database Applications
TLDR
The Abstract Interpretation framework for static dependency analysis of database applications is extended, providing a semantics-based computation tunable with respect to precision, and dependency computation is instantiated by using various relational and non-relational abstract domains.
Data-centric Refinement of Database-Database Dependency Analysis of Database Program
TLDR
To this aim, a data-centric approach is proposed to compute precise dependency information by removing false alarms, and the syntax-based DOPDG construction is augmented by adding three extra nodes and edges.
Code-based Analysis Approach to Detect and Prevent SQL Injection Attacks
  • Angshuman Jana, D. Maity
  • Computer Science
  • 2020 11th International Conference on Computing, Communication and Networking Technologies (ICCCNT)
  • 2020
TLDR
This paper proposes a code-based analysis approach to automatically detect and prevent the possible SQL Injection Attacks (SQLIA) in a query before submitting it to the underlying database.
Confidentiality Leakage Analysis of Database-Driven Applications

References

Data dependencies and program slicing: from syntax to abstract semantics
TLDR
It is claimed that slicing can be defined, and therefore calculated, parametrically on the chosen notion of dependency, which implies a different result when building the program dependency graph.
Abstract program slicing of database query languages
TLDR
The notions of semantic relevancy of statements, semantic data dependences and conditional dependences are extended to the case of programs embedding SQL statements in both concrete and abstract domains, yielding a more accurate semantics-based abstract program slicing algorithm.
Queries Independent of Updates
TLDR
New insight into the independence problem is provided by reducing it to the equivalence problem for datalog programs (both for the case of insertion and deletion updates) and new cases in which independence is decidable are presented.
Exploring and enforcing security guarantees via program dependence graphs
We present PIDGIN, a program analysis and understanding tool that enables the specification and enforcement of precise application-specific information security guarantees. PIDGIN also allows
Slicing object-oriented software
TLDR
This work describes the construction of system dependence graphs for object-oriented software on which efficient slicing algorithms can be applied and shows how to compute slices for individual classes, groups of interacting classes and complete programs.
The program dependence graph and its use in optimization
TLDR
An intermediate program representation, called the program dependence graph (PDG), that makes explicit both the data and control dependences for each operation in a program, allowing transformations to be triggered by one another and applied only to affected dependences.
Policy-Based Slicing of Hibernate Query Language
TLDR
This paper introduces a policy-based slicing of Hibernate Query Language (HQL) based on a refined notion of dependence graph, extends the Class Dependence Graph of object-oriented languages to the case of HQL, and refines it by applying the semantics-based Abstract Interpretation framework.
An Algebraic Approach to Rule Analysis in Expert Database Systems
TLDR
This work provides methods for static analysis of Condition-Action rules and improves considerably on the previous methods by providing analysis criteria that are much less conservative: the methods often determine that a rule set will terminate or is confluent when previous methods could not.
Application of Dependency Graphs to Security Protocol Analysis
TLDR
This work starts with the protocol representation as a dependency graph indicating possible flows of data in all possible runs of the protocol and replaces the cryptographic operations with constructions which are "obviously secure".
Abstract interpretation of database query languages