• DocumentCode
    3124455
  • Title

    A Static Analysis Framework for Database Applications

  • Author

    Dasgupta, Arjun ; Narasayya, Vivek ; Syamala, Manoj

  • Author_Institution
    Univ. of Texas, Arlington, TX
  • fYear
    2009
  • fDate
    March 29 2009-April 2 2009
  • Firstpage
    1403
  • Lastpage
    1414
  • Abstract
    Database developers today use data access APIs such as ADO.NET to execute SQL queries from their application. These applications often have security problems such as SQL injection vulnerabilities and performance problems such as poorly written SQL queries. However today's compilers have little or no understanding of data access APIs or DBMS, and hence the above problems can go undetected until much later in the application lifecycle. We present a framework that adapts traditional program analysis by leveraging understanding of data access APIs in order to identify such problems early on during application development. Our framework can analyze database application binaries that use ADO.NET data access APIs. We show how our framework can be used for a variety of analysis tasks such as SQL injection detection, workload extraction, identifying performance problems, and verifying data integrity constraints in the application.
  • Keywords
    SQL; application program interfaces; data integrity; database management systems; query processing; security of data; ADO.NET; DBMS; SQL injection detection; SQL queries; application lifecycle; data access API; data integrity constraints; database applications; performance problems; static analysis framework; workload extraction; Computer languages; Data analysis; Data engineering; Data mining; Data security; Information security; Java; Performance analysis; Production; Relational databases; SQLinjection; Static analysis; database applications; workload;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Data Engineering, 2009. ICDE '09. IEEE 25th International Conference on
  • Conference_Location
    Shanghai
  • ISSN
    1084-4627
  • Print_ISBN
    978-1-4244-3422-0
  • Electronic_ISBN
    1084-4627
  • Type

    conf

  • DOI
    10.1109/ICDE.2009.98
  • Filename
    4812541