Sensitive information leakage analysis of database code by abstract interpretation Online publication date: Tue, 20-Jun-2023
by Angshuman Jana
International Journal of Security and Networks (IJSN), Vol. 18, No. 2, 2023
Abstract: An information system stores outside data in the backend database to process them efficiently and protects sensitive data from illegitimate flow or unauthorised users. However, most information systems are made in such a way that the sensitive information stored in a database may be leaked explicitly or implicitly during data processing along with the control structure of the program to the output channels. Therefore, sensitive data leakage is one of the crucial security threat. In this paper, the main objective is to detect the illegitimate flow of confidential information in an information system. We propose a framework to detect sensitive information leakage through the data-flow paths of an information system. In particular, to compute the precise set of data-flow paths, we use the non-relational abstract property of the interval domain and the relational abstract property of the polyhedra domain that enables the framework to produce efficient security analysis results.
Existing subscribers:
Go to Inderscience Online Journals to access the Full Text of this article.
If you are not a subscriber and you just want to read the full contents of this article, buy online access here.Complimentary Subscribers, Editors or Members of the Editorial Board of the International Journal of Security and Networks (IJSN):
Login with your Inderscience username and password:
Want to subscribe?
A subscription gives you complete access to all articles in the current issue, as well as to all articles in the previous three years (where applicable). See our Orders page to subscribe.
If you still need assistance, please email subs@inderscience.com