Database developers today use data access APIs such as ADO.NET to execute SQL queries from their applications. These applications often have security problems, such as SQL injection vulnerabilities, and performance problems, such as poorly written SQL queries. However, today's compilers have little or no understanding of data access APIs or the DBMS, and hence these problems can go undetected until much later in the application lifecycle. We present a framework that adapts traditional program analysis by leveraging an understanding of data access APIs in order to identify such problems early in application development. Our framework can analyze database application binaries that use ADO.NET data access APIs. We show how our framework can be used for a variety of analysis tasks such as SQL injection detection, workload extraction, identifying performance problems, and verifying data integrity constraints in the application.