Title: Data-Centric Refinement of Information Flow Analysis of Database Application
Authors: Alam, I.
Keywords: Computer Science & Engineering
Issue Date: 2015
Abstract: In the current information age, most applications are associated with external database states. Language-based information-flow security analysis is considered the most promising technique for checking information leakage in software. The confidentiality of sensitive database information may be compromised when sensitive attributes influence insensitive ones during the computation performed by database statements. Existing language-based approaches to capturing possible leakage of sensitive database information are coarse-grained and are based on the assumption that attackers are able to view all values of insensitive attributes in the database. We propose a data-centric approach which covers more generic scenarios where attackers are able to view only a part of the attribute values according to the policy. This leads to a more precise semantic-based analysis which reduces false positives with respect to the literature. Our proposed method computes dependences based on values rather than on the attributes involved in the definition and use statements; it therefore removes false dependence edges from the Database Oriented Program Dependence Graph (DOPDG), and the resultant refined Database Oriented Dependence Graph is used for the security analysis of the program. As the first step of the analysis to catch illegal flows of private information, we assign security levels to attributes and program variables according to their sensitivity. For simplicity, we assume two security levels: high (for private attributes/variables which contain sensitive information) and low (for public attributes/variables which contain public information). Each output statement is assigned the low security level. The second step of our analysis is to compute the backward slice of every output statement and look for any attribute in the slices which has a high security level. If a slice has an attribute or a variable with a high security level, the program is reported as not secure. Thus our proposed method reduces false alarms by removing the false dependences from the DOPDG and hence improves the precision of the analysis.
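An added illustration (not code from the thesis) of the two-step check the abstract describes, run once with attribute-based and once with value-based dependences. The sample program, the table emp(age, sal, bonus), and modelling each WHERE clause as a half-open range on age are assumptions made for this example; it handles straight-line code only and does not model redefinitions that kill earlier ones.

```python
HIGH, LOW = "high", "low"
ALL = (0, 200)  # every row, as a half-open range on the age column (assumption)

# Constructed program. Each statement lists the attributes/variables it defines
# and uses, with the age range of the rows touched (program variables use ALL).
STMTS = {
    # s1: UPDATE emp SET bonus = sal/10 WHERE age >= 60
    "s1": {"defs": {"bonus": (60, 200)}, "uses": {"sal": (60, 200)}},
    # s2: x = SELECT bonus FROM emp WHERE age < 30
    "s2": {"defs": {"x": ALL}, "uses": {"bonus": (0, 30)}},
    # s3: print(x)   (output statement, level low)
    "s3": {"defs": {}, "uses": {"x": ALL}},
}
ORDER = ["s1", "s2", "s3"]
LEVEL = {"sal": HIGH, "bonus": LOW, "x": LOW}   # step 1: security labels
OUTPUTS = ["s3"]

def overlaps(a, b):
    """True if two half-open row ranges share at least one row."""
    return max(a[0], b[0]) < min(a[1], b[1])

def build_edges(value_based):
    """Return {use_stmt: {def_stmts}}. Attribute-based mode links any earlier
    definition of a used attribute; value-based mode also requires that the
    defined rows and the used rows overlap."""
    edges = {s: set() for s in ORDER}
    for i, use in enumerate(ORDER):
        for attr, used_rows in STMTS[use]["uses"].items():
            for d in ORDER[:i]:
                rows = STMTS[d]["defs"].get(attr)
                if rows is not None and (not value_based or overlaps(rows, used_rows)):
                    edges[use].add(d)
    return edges

def backward_slice(edges, start):
    """All statements the start statement transitively depends on."""
    seen, todo = set(), [start]
    while todo:
        n = todo.pop()
        if n not in seen:
            seen.add(n)
            todo.extend(edges[n])
    return seen

def high_in_slice(edges, out):
    """Step 2: high-level attributes/variables used anywhere in the slice."""
    sl = backward_slice(edges, out)
    return sorted(a for s in sl for a in STMTS[s]["uses"] if LEVEL[a] == HIGH)

def is_secure(value_based):
    edges = build_edges(value_based)
    return all(not high_in_slice(edges, o) for o in OUTPUTS)
```

With attribute-based edges the slice of s3 pulls in s1 and reports sal, a false alarm; with value-based edges the disjoint row ranges remove the s1 to s2 edge and the program is accepted.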
Appears in Collections: 01. CSE
