Authors: Md. Imran Alam; Raju Halder
Addresses: Department of Computer Science and Engineering, Indian Institute of Technology Patna, India; Department of Computer Science and Engineering, Indian Institute of Technology Patna, India
Abstract: Preserving the confidentiality of sensitive information in any computing system remains a challenging issue. One reason is improperly coded software, which may disclose sensitive information to unauthorised users as it propagates through the code during execution. Language-based information flow security analysis has emerged as a promising technique to prove that a program's executions do not leak sensitive information to untrusted users. In this paper, we propose information flow analysis of database applications. The main contributions of the paper are: 1) refinement of dependence graphs for database applications by removing false dependencies; 2) information-flow analysis of database applications using the refined dependence graph. Our approach covers a more generic scenario where attackers are able to view only a part of the attribute-values according to the policy, and leads to a more precise semantic-based analysis which reduces false positives with respect to the literature.
Keywords: information flow analysis; dependency graphs; database security; false dependencies; false positives; semantics; database attacks.
International Journal of Trust Management in Computing and Communications, 2016 Vol.3 No.3, pp.193-223
Received: 09 Dec 2015
Accepted: 17 Mar 2016
Published online: 27 Jan 2017