Refining dependencies for information flow analysis of database applications Online publication date: Fri, 27-Jan-2017
by Md. Imran Alam; Raju Halder
International Journal of Trust Management in Computing and Communications (IJTMCC), Vol. 3, No. 3, 2016
Abstract: Preserving confidentiality of sensitive information in any computing system always remains a challenging issue. One such reason is improper coding of softwares which may lead to the disclosure of sensitive information to unauthorised users while propagating along the code during execution. Language-based information flow security analysis has emerged as a promising technique to prove that program's executions do not leak sensitive information to untrusted users. In this paper, we propose information flow analysis of database applications. The main contributions of the paper are: 1) refinement of dependence graphs for database applications by removing false dependencies; 2) information-flow analysis of database applications using refined dependence graph. Our approach covers a more generic scenario where attackers are able to view only a part of the attribute-values according to the policy, and leads to a more precise semantic-based analysis which reduces false positives with respect to the literature.
Online publication date: Fri, 27-Jan-2017
If you are not a subscriber and you just want to read the full contents of this article, buy online access here.Complimentary Subscribers, Editors or Members of the Editorial Board of the International Journal of Trust Management in Computing and Communications (IJTMCC):
Login with your Inderscience username and password:
Want to subscribe?
A subscription gives you complete access to all articles in the current issue, as well as to all articles in the previous three years (where applicable). See our Orders page to subscribe.
If you still need assistance, please email firstname.lastname@example.org