Tailoring Taint Analysis for Database Applications in the K Framework

Md. Alam, Raju Halder

2021

Abstract

Maintaining the integrity of the underlying databases of any information system is a challenge. Integrity can be compromised either by coding flaws or by improper flow of information from source to sink in the associated database applications. Such a compromise may lead either to disclosure of sensitive information to attackers or to illegitimate modification of private data stored in the databases. Taint analysis is a widely used program analysis technique that aims at preventing malicious inputs from corrupting data values in critical computations of programs. In this paper, we propose K-DBTaint, a rewriting logic-based executable semantics for taint analysis of database applications in the K framework. We specify the semantics for a subset of SQL statements along with host imperative program statements. Our K semantics can be seen as a sound approximation of program semantics in the corresponding security type domain. Compared with existing methods, K-DBTaint supports context- and flow-sensitive analysis, reduces false alarms, and provides a scalable solution. Experimental evaluation on several PL/SQL benchmark codes demonstrates encouraging results in the form of improved analysis precision.

Paper Citation


in Harvard Style

Alam M. and Halder R. (2021). Tailoring Taint Analysis for Database Applications in the K Framework. In Proceedings of the 10th International Conference on Data Science, Technology and Applications - Volume 1: DATA, ISBN 978-989-758-521-0, pages 370-377. DOI: 10.5220/0010618603700377


in Bibtex Style

@conference{data21,
author={Md. Alam and Raju Halder},
title={Tailoring Taint Analysis for Database Applications in the K Framework},
booktitle={Proceedings of the 10th International Conference on Data Science, Technology and Applications - Volume 1: DATA},
year={2021},
pages={370-377},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010618603700377},
isbn={978-989-758-521-0},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 10th International Conference on Data Science, Technology and Applications - Volume 1: DATA
TI - Tailoring Taint Analysis for Database Applications in the K Framework
SN - 978-989-758-521-0
AU - Alam M.
AU - Halder R.
PY - 2021
SP - 370
EP - 377
DO - 10.5220/0010618603700377