Database Management in Computer Science

"Explore topics in database management, SQLUnit, white-box analysis, servlet path transducers, and more in computer science research presented by Dr. Xiang Fu, Assistant Professor at Hofstra University."


Presentation Transcript


  1. Dr. Xiang Fu, Assistant Professor, Hofstra University, Department of Computer Science

  2. Introduction Path Transducer Model Relational Constraint Call Sequence Synthesis Detecting Workflow Attack Related Work and Conclusion

  3. Databases Databases Web Server Web Server

  4. Traditionally, SQLUnit Manual Reverse Inference of DB State Given Query Generate Initial DB Instance Our Problem: Synthesis Problem Given Database State Synthesize Call Sequence SQLUnit & DBUnit DBUnit Manual Test Case Design Query & Expected Result Expected Result Database State Call Sequence of Servlets

  5. White-box Analysis (1) Interface Extraction Path Transducers (2) Coverage Goal Extraction (3) Call Sequence Generation Adaptation Discover Workflow Attacks

  6. Servlet Path Transducers Relational Transducer that Models One Execution Path Path Condition Side Effects to DB Servlet

  7. Relational Data Schema Input Domain Finite Set of Session Variables Boolean Combination of Terms Equality v = v + 1 Satisfiability Check )) ( ( SAT ' ' 2 1 T a =

  8. Selection = ( ) 1 2 2 Projection ( ) 1 Cross Product 2 Union 1 2 Difference 1 2

  9. SimpleScarf Login.php ShowSessions.php GenOptions.php AddMember.php InsertSession.php

  10. U Users S Sessions int sid vchar uname vchar pwd vchar sname M Members int sid vchar uname

  11. Check Valid Session Var #uname Select Session Info No Side Effects #uname

  12. User Specify New Session Name $S Update Relation Sessions $SI I Sessions

  13. Takes Two Parameters $u $s Add Membership Info $uA A: User Name $sA A: Session Name

  14. Add User: One of Many Functions Available Takes Two Parameters $u $p $uG G: User name $pG G: Password Encrypt Password Password Rules Encoded Using String Constraint

  15. Given Two Parameters $u $p When Success, Update Session Variable #u $uL L: user name $pL L: password #u: Session Variable on user name

  16. Key to Synthesis: Khurshid's Approach [ASE 08], Translate to Alloy

  17. Post Image Transition System

  18. Join of Session and Membership Select Session Name s1 Find users in paper session s1 but not in s2 Project to uname Goal: Find DB Instance Satisfies Satisfies query

  19. Vars: 4833; Clauses: 7876; Trans_Time: 829ms; Solve_Time: 78ms

  20. Coverage Goal: Line # 45 List of HTTP Requests CALL Seq Synthesis Algorithm Path Transducers

  21. Knowledge In Advance: (1) Each Path Transducer (Relational Logic) (2) Relations (3) Session Algorithm: Backtrack Each Path Transducer Transition System Relations being Modified (add, drop, modify) Session Vars Vars being Modified = Pre(H , ) Current Constraint Heuristic to pick to the next servlet: watch the difference between the relations in the current constraints and target constraints. Insertion has priority HTTP Request ( , ) ( , )

  22. Coverage Goal Target Constraint Initial Constraint Path Transducer: Target Constraint: True Initial Constraint: Path Transducer:

  23. Transition Post-Image Standard Existential Quantification M M and #u Next servlet: AddMember #u modified! Compare AddMember or Login Login Initial Constraint Initial Constraint:

  24. 1.07 seconds for generating the model by ALLOY

  25. EnterAddr ChargeCC GenReceipt PrintShipping. How to Detect Workflow Attack? (1) Static Analysis for ALL URLS that could be generated by a servlet (2) Modify the Backtrack algorithm for locating an abnormal link not in the ALL_URLs set. Database manipulation TAKEN CARE OF.
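Added example (not the talk's own code or its Alloy-based tool) covering the backtracking call-sequence synthesis of slide 21 and the ALL_URLs check of slide 25 on a constructed model of the checkout servlets. The guards, effects, link sets and relation names are assumptions, and the search runs forward over concrete states rather than backward over relational pre-images.

```python
# Constructed model, not the talk's Alloy-based tool. A state is the pair
# (session variables, DB tuples as (relation, key)); both are immutable so search can backtrack.
EMPTY = (frozenset(), frozenset())

class Servlet:
    """Path transducer: path condition, side effects, relations modified, and ALL_URLs."""
    def __init__(self, name, guard, effect, modifies, links):
        self.name, self.guard, self.effect = name, guard, effect
        self.modifies, self.links = modifies, frozenset(links)  # links: static-analysis result

# Checkout workflow of slide 25 with hypothetical guards and effects. PrintShipping
# checks only that an address exists, not that the card was charged: the modelled defect.
SERVLETS = [
    Servlet("EnterAddr", lambda s, db: True,
            lambda s, db: (s | {"addr"}, db), {}, ["ChargeCC"]),
    Servlet("ChargeCC", lambda s, db: "addr" in s,
            lambda s, db: (s | {"paid"}, db | {("Orders", "o1")}), {"Orders": "add"}, ["GenReceipt"]),
    Servlet("GenReceipt", lambda s, db: "paid" in s,
            lambda s, db: (s | {"receipt"}, db), {}, ["PrintShipping"]),
    Servlet("PrintShipping", lambda s, db: "addr" in s,
            lambda s, db: (s, db | {("Shipments", "sh1")}), {"Shipments": "add"}, []),
]

def synthesize(servlets, goal, target_rels, max_len=6):
    """Backtracking call-sequence synthesis (slide 21). The talk goes backward from the target
    constraint via relational pre-images; this version searches forward over concrete states."""
    def rank(sv):  # slide 21 heuristic: target-relation modifiers first, insertions before others
        return (not any(r in target_rels for r in sv.modifies), "add" not in sv.modifies.values())
    def dfs(state, budget):
        if goal(*state): return []
        if budget == 0: return None
        for sv in sorted(servlets, key=rank):
            if sv.guard(*state):
                rest = dfs(sv.effect(*state), budget - 1)
                if rest is not None:
                    return [sv.name] + rest
        return None
    for n in range(max_len + 1):  # iterative deepening: shortest sequence first
        seq = dfs(EMPTY, n)
        if seq is not None:
            return seq

def abnormal_links(servlets, seq):
    """Slide 25: a hop the previous servlet never links to is a request the app did not offer."""
    by_name = {sv.name: sv for sv in servlets}
    return [(a, b) for a, b in zip(seq, seq[1:]) if b not in by_name[a].links]

def shipped_unpaid(session, db):  # coverage goal: a shipment recorded, no order ever charged
    return any(r == "Shipments" for r, _ in db) and not any(r == "Orders" for r, _ in db)
```

For the unpaid-shipment goal the synthesizer returns EnterAddr followed directly by PrintShipping, and the ALL_URLs check flags that hop because EnterAddr never links to PrintShipping; the fix is a guard on PrintShipping that requires the charge.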

  26. Proposal of Several Interesting Directions Extraction of Path Transducer Model Solving Relational Constraints Call Sequence Synthesis Algorithm Extension for Detecting Workflow Attacks Future Directions Implementation

  27. Interface Extraction [Halfond FSE07], [Halfond FSE 08] Relational Transducer [Abiteboul JCSS00] Query Aware Relational Constraint Solving [Binnig ICDE07, Khalek ICSE08] Session Based Testing of Web App [Elbaum TSE05, Sampath ASE05, Sprenkle FSE05]
