Abstract

Preserving confidentiality of sensitive information in any computing system always remains a challenging issue. One such reason is improper coding of softwares which may lead to the disclosure of sensitive information to unauthorised users while propagating along the code during execution. Language-based information flow security analysis has emerged as a promising technique to prove that program's executions do not leak sensitive information to untrusted users. In this paper, we propose information flow analysis of database applications. The main contributions of the paper are: 1) refinement of dependence graphs for database applications by removing false dependencies; 2) information-flow analysis of database applications using refined dependence graph. Our approach covers a more generic scenario where attackers are able to view only a part of the attribute-values according to the policy, and leads to a more precise semantic-based analysis which reduces false positives with respect to the literature.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.