Sensitive information leakage analysis of database code by abstract interpretation

Abstract

An information system stores outside data in the backend database to process them efficiently and protects sensitive data from illegitimate flow or unauthorised users. However, most information systems are made in such a way that the sensitive information stored in a database may be leaked explicitly or implicitly during data processing along with the control structure of the program to the output channels. Therefore, sensitive data leakage is one of the crucial security threat. In this paper, the main objective is to detect the illegitimate flow of confidential information in an information system. We propose a framework to detect sensitive information leakage through the data-flow paths of an information system. In particular, to compute the precise set of data-flow paths, we use the non-relational abstract property of the interval domain and the relational abstract property of the polyhedra domain that enables the framework to produce efficient security analysis results.