Article

A Static Analysis Framework for Database Applications

Authors:

Arjun Dasgupta,

Vivek Narasayya,

Manoj SyamalaAuthors Info & Claims

ICDE '09: Proceedings of the 2009 IEEE International Conference on Data Engineering

Pages 1403 - 1414

https://doi.org/10.1109/ICDE.2009.98

Published: 29 March 2009 Publication History

Publisher Site

Abstract

Database developers today use data access APIs such as ADO.NET to execute SQL queries from their application. These applications often have security problems such as SQL injection vulnerabilities and performance problems such as poorly written SQL queries. However today's compilers have little or no understanding of data access APIs or DBMS, and hence the above problems can go undetected until much later in the application lifecycle. We present a framework that adapts traditional program analysis by leveraging understanding of data access APIs in order to identify such problems early on during application development. Our framework can analyze database application binaries that use ADO.NET data access APIs. We show how our framework can be used for a variety of analysis tasks such as SQL injection detection, workload extraction, identifying performance problems, and verifying data integrity constraints in the application.

Cited By

View all

Lyu YVolokh SHalfond WTripp OCadar CZhang X(2021)SAND: a static analysis approach for detecting SQL antipatternsProceedings of the 30th ACM SIGSOFT International Symposium on Software Testing and Analysis10.1145/3460319.3464818(270-282)Online publication date: 11-Jul-2021
https://dl.acm.org/doi/10.1145/3460319.3464818
Chen TShang WJiang ZHassan ANasser MFlora P(2016)Finding and Evaluating the Performance Impact of Redundant Data Access for Applications that are Developed Using Object-Relational Mapping FrameworksIEEE Transactions on Software Engineering10.1109/TSE.2016.255303942:12(1148-1161)Online publication date: 1-Dec-2016
https://dl.acm.org/doi/10.1109/TSE.2016.2553039
Hussain SSallam ABertino EPark JSquicciarini A(2015)DetAnomProceedings of the 5th ACM Conference on Data and Application Security and Privacy10.1145/2699026.2699111(25-35)Online publication date: 2-Mar-2015
https://dl.acm.org/doi/10.1145/2699026.2699111
Show More Cited By

Recommendations

Testing database applications
SIGMOD '06: Proceedings of the 2006 ACM SIGMOD international conference on Management of data

Testing database application is challenging because most methods and tools developed for application testing do not consider the database state during the test. In this paper we demonstrate three different tools for testing database applications: HTDGen,...
Bridging the application and DBMS divide using static analysis and dynamic profiling
SIGMOD '09: Proceedings of the 2009 ACM SIGMOD International Conference on Management of data

Relational database management systems (RDBMSs) today serve as the backend for many real-world data intensive applications. Database developers use data access APIs such as ADO.NET to execute SQL queries and access data. While modern program analysis ...
A Framework For Inferring Properties of User-Defined Functions
ICSE '24: Proceedings of the IEEE/ACM 46th International Conference on Software Engineering

User-defined functions (UDFs) are widely used to enhance the capabilities of DBMSs. However, using UDFs comes with a significant performance penalty because DBMSs treat UDFs as black boxes, which hinders their ability to optimize queries that invoke such ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

ICDE '09: Proceedings of the 2009 IEEE International Conference on Data Engineering

March 2009

1772 pages

ISBN:9780769535456

Publisher

IEEE Computer Society

United States

Publication History

Published: 29 March 2009

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

13
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 25 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Lyu YVolokh SHalfond WTripp OCadar CZhang X(2021)SAND: a static analysis approach for detecting SQL antipatternsProceedings of the 30th ACM SIGSOFT International Symposium on Software Testing and Analysis10.1145/3460319.3464818(270-282)Online publication date: 11-Jul-2021
https://dl.acm.org/doi/10.1145/3460319.3464818
Chen TShang WJiang ZHassan ANasser MFlora P(2016)Finding and Evaluating the Performance Impact of Redundant Data Access for Applications that are Developed Using Object-Relational Mapping FrameworksIEEE Transactions on Software Engineering10.1109/TSE.2016.255303942:12(1148-1161)Online publication date: 1-Dec-2016
https://dl.acm.org/doi/10.1109/TSE.2016.2553039
Hussain SSallam ABertino EPark JSquicciarini A(2015)DetAnomProceedings of the 5th ACM Conference on Data and Application Security and Privacy10.1145/2699026.2699111(25-35)Online publication date: 2-Mar-2015
https://dl.acm.org/doi/10.1145/2699026.2699111
Liu KTan HChen X(2013)Automated Insertion of Exception Handling for Key and Referential ConstraintsJournal of Database Management10.4018/jdm.201301010124:1(1-19)Online publication date: 1-Jan-2013
https://dl.acm.org/doi/10.4018/jdm.2013010101
Grigorev SKirilenko IPuntikov NTerekhov ATsepkov M(2013)GLR-based abstract parsingProceedings of the 9th Central & Eastern European Software Engineering Conference in Russia10.1145/2556610.2556616(1-9)Online publication date: 24-Oct-2013
https://dl.acm.org/doi/10.1145/2556610.2556616
Cao WShasha DGuerrini GPaton N(2013)Tuning in actionProceedings of the 16th International Conference on Extending Database Technology10.1145/2452376.2452468(737-740)Online publication date: 18-Mar-2013
https://dl.acm.org/doi/10.1145/2452376.2452468
Cao WShasha DGuerrini GPaton N(2013)AppSleuthProceedings of the 16th International Conference on Extending Database Technology10.1145/2452376.2452445(589-600)Online publication date: 18-Mar-2013
https://dl.acm.org/doi/10.1145/2452376.2452445
Almorsy MGrundy JIbrahim AGoedicke MMenzies TSaeki M(2012)Supporting automated vulnerability analysis using formalized vulnerability signaturesProceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering10.1145/2351676.2351691(100-109)Online publication date: 3-Sep-2012
https://dl.acm.org/doi/10.1145/2351676.2351691
Ramachandra KGuravannavar RSudarshan SBodden EHendren LLam PSherman E(2012)Program analysis and transformation for holistic optimization of database applicationsProceedings of the ACM SIGPLAN International Workshop on State of the Art in Java Program analysis10.1145/2259051.2259057(39-44)Online publication date: 14-Jun-2012
https://dl.acm.org/doi/10.1145/2259051.2259057
Almorsy MGrundy JIbrahim A(2012)VAM-aaSProceedings of the 13th international conference on Web Information Systems Engineering10.1007/978-3-642-35063-4_30(411-425)Online publication date: 28-Nov-2012
https://dl.acm.org/doi/10.1007/978-3-642-35063-4_30
Show More Cited By

Abstract

Cited By

Recommendations

Testing database applications

Bridging the application and DBMS divide using static analysis and dynamic profiling

A Framework For Inferring Properties of User-Defined Functions

Comments

Information

Published In

Publisher

Publication History

Author Tags

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations