
Information-Flow Analysis of Hibernate Query Language

Conference paper, in: Future Data and Security Engineering (FDSE 2014).
Part of the book series: Lecture Notes in Computer Science (LNISA, volume 8860).

Abstract

Hibernate Query Language (HQL) provides a framework for mapping object-oriented domain models to traditional relational databases. In this context, existing information leakage analyses cannot be applied directly, due to the presence and interaction of high-level application variables and SQL database attributes. The paper extends the Abstract Interpretation framework to properly deal with this challenging applicative scenario, by using the symbolic domain of positive propositional formulae to capture variable dependences affecting (directly or indirectly) the propagation of confidential data.
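Added example, not from the paper: a toy version of the dependence tracking the abstract describes. It keeps, for each application variable or DB attribute (written Table.column), a conjunction of positive implications "premises -> target", and treats the WHERE clause of an HQL query as a flow from the filtered DB attributes into the query result. The encoding, the helper names and the sample program are assumptions made here for illustration.

```python
from typing import FrozenSet, Set, Tuple
# Each implication (premises -> target) records that the value of `target`
# may depend on every name in `premises`. Names are application variables
# or DB attributes written Table.column. Constructed encoding, not the paper's.
Implication = Tuple[FrozenSet[str], str]
State = Set[Implication]

def assign(state: State, target: str, sources: Set[str], guards: Set[str]) -> State:
    """target := f(sources) executed under control conditions `guards`.
    Strong update: old implications concluding `target` are discarded."""
    new = {imp for imp in state if imp[1] != target}
    new.add((frozenset(sources | guards), target))
    return new

def hql_select(state: State, result: str, table: str, projected: Set[str],
               where_attrs: Set[str], params: Set[str], guards: Set[str]) -> State:
    """result := HQL query on `table` projecting `projected`, filtered on `where_attrs`
    and bound parameters `params`. The WHERE clause is an implicit flow: which rows
    come back reveals the filtered attributes, so they feed the result too."""
    sources = {f"{table}.{a}" for a in projected | where_attrs} | params
    return assign(state, result, sources, guards)

def depends_on(state: State, var: str) -> Set[str]:
    """Transitive closure of names on which `var` may depend."""
    seen: Set[str] = set()
    todo = [var]
    while todo:
        v = todo.pop()
        for premises, target in state:
            if target == v:
                fresh = premises - seen
                seen |= fresh
                todo.extend(fresh)
    return seen

def leaked_secrets(state: State, sink: str, high: Set[str]) -> Set[str]:
    """Confidential names that may reach the public `sink`."""
    return depends_on(state, sink) & high

HIGH = {"Employee.salary"}   # constructed policy: salary is confidential

def filtered_by_salary() -> Set[str]:
    # minSal = 50000; names = "select e.name from Employee e where e.salary > :minSal"; print(names)
    st = assign(set(), "minSal", set(), set())
    st = hql_select(st, "names", "Employee", {"name"}, {"salary"}, {"minSal"}, set())
    st = assign(st, "out", {"names"}, set())
    return leaked_secrets(st, "out", HIGH)   # {"Employee.salary"}: leak through WHERE

def unfiltered() -> Set[str]:
    # names = "select e.name from Employee e"; print(names)
    st = hql_select(set(), "names", "Employee", {"name"}, set(), set(), set())
    st = assign(st, "out", {"names"}, set())
    return leaked_secrets(st, "out", HIGH)   # set(): no dependence on salary
```

The filtered query leaks even though salary is never projected, because the set of returned names is a function of the salary column; the unfiltered query does not.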




Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Cortesi, A., Halder, R. (2014). Information-Flow Analysis of Hibernate Query Language. In: Dang, T.K., Wagner, R., Neuhold, E., Takizawa, M., Küng, J., Thoai, N. (eds) Future Data and Security Engineering. FDSE 2014. Lecture Notes in Computer Science, vol 8860. Springer, Cham. https://doi.org/10.1007/978-3-319-12778-1_20


  • DOI: https://doi.org/10.1007/978-3-319-12778-1_20

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-12777-4

  • Online ISBN: 978-3-319-12778-1
