Defining Abstract Semantics for Static Dependence Analysis of Relational Database Applications

Dependence graphs provide the basis for powerful programming tools that address a large number of software engineering activities, including security analysis. This paper proposes a semantics-based static dependence analysis framework for relational database applications, based on Abstract Interpretation theory. As database attributes differ from traditional imperative language variables, we define the abstract semantics of database applications in a relational abstract domain. This allows us to identify statically the various parts of database information (in abstract form) possibly used or defined by database statements, leading to a more precise dependence analysis. In this way, the semantics-based dependence computation improves on its syntax-based counterpart. We prove the soundness of our proposed approach, which guarantees that non-overlap of the part defined by one statement and the part used by another statement in the abstract domain always indicates a non-dependency in practice. Furthermore, using abstract semantics as the basis of the proposed framework makes it more powerful, able to handle the undecidable scenario in which the initial database state is completely unknown.
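The overlap test between the defined part of one statement and the used part of another, as an added illustration that is not code from the paper. It swaps the paper's relational abstract domain for plain per-attribute intervals and counts both the old and the new rows of an UPDATE as defined; both choices, the table `emp(age, sal)` and every statement below are assumptions constructed for this sketch.

```python
import math

TOP = (-math.inf, math.inf)  # attribute with no constraint


def meet(box_a, box_b):
    """Intersect two boxes {attr: (lo, hi)}; None means no row satisfies both."""
    out = {}
    for attr in box_a.keys() | box_b.keys():
        lo_a, hi_a = box_a.get(attr, TOP)
        lo_b, hi_b = box_b.get(attr, TOP)
        lo, hi = max(lo_a, lo_b), min(hi_a, hi_b)
        if lo > hi:
            return None
        out[attr] = (lo, hi)
    return out


def defined_part(upd):
    """Abstract rows touched by UPDATE emp SET col = col + delta WHERE <box>."""
    # Assumption of this sketch: rows as selected (old values) and rows as
    # rewritten (new values) both belong to the defined part.
    before = dict(upd["where"])
    lo, hi = before.get(upd["col"], TOP)
    after = {**before, upd["col"]: (lo + upd["delta"], hi + upd["delta"])}
    return [before, after]


def syntactic_dep(upd, qry):
    """Syntax-based test: the query mentions the column the update writes."""
    return upd["col"] in qry["uses"]


def semantic_dep(upd, qry):
    """Semantics-based test: defined part and used part overlap abstractly."""
    return syntactic_dep(upd, qry) and any(
        meet(box, qry["where"]) is not None for box in defined_part(upd))


# Constructed statements over a hypothetical table emp(age, sal).
# UPDATE emp SET sal = sal + 100 WHERE age >= 60
RAISE_SENIORS = {"col": "sal", "delta": 100, "where": {"age": (60, math.inf)}}
# UPDATE emp SET sal = sal + 100 WHERE sal >= 1500
RAISE_HIGH = {"col": "sal", "delta": 100, "where": {"sal": (1500, math.inf)}}
# SELECT sal FROM emp WHERE age <= 29
Q_JUNIORS = {"uses": {"sal", "age"}, "where": {"age": (-math.inf, 29)}}
# SELECT sal FROM emp WHERE sal <= 1549
Q_LOW = {"uses": {"sal"}, "where": {"sal": (-math.inf, 1549)}}
```

`RAISE_SENIORS` and `Q_JUNIORS` both mention `sal`, so the syntactic test reports a dependence that the interval test rules out. `RAISE_HIGH` and `Q_LOW` stay dependent because rows with `sal` in [1500, 1549] leave the query result after the update.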
