On the automated verification of web applications with embedded SQL

Shachar Itzhaky; Tomer Kotek; Noam Rinetzky; Mooly Sagiv; Orr Tamir; Helmut Veith; Florian Zuleger

doi:10.4230/LIPIcs.ICDT.2017.16

On the automated verification of web applications with embedded SQL

Shachar Itzhaky, Tomer Kotek, Noam Rinetzky, Mooly Sagiv, Orr Tamir, Helmut Veith, Florian Zuleger

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

6 Scopus citations

Abstract

A large number of web applications is based on a relational database together with a program, typically a script, that enables the user to interact with the database through embedded SQL queries and commands. In this paper, we introduce a method for formal automated verification of such systems which connects database theory to mainstream program analysis. We identify a fragment of SQL which captures the behavior of the queries in our case studies, is algorithmically decidable, and facilitates the construction of weakest preconditions. Thus, we can integrate the analysis of SQL queries into a program analysis tool chain. To this end, we implement a new decision procedure for the SQL fragment that we introduce. We demonstrate practical applicability of our results with three case studies, a web administrator, a simple firewall, and a conference management system.

Original language	English
Title of host publication	20th International Conference on Database Theory, ICDT 2017
Editors	Giorgio Orsi, Michael Benedikt
Publisher	Schloss Dagstuhl- Leibniz-Zentrum fur Informatik GmbH, Dagstuhl Publishing
ISBN (Electronic)	9783959770248
DOIs	https://doi.org/10.4230/LIPIcs.ICDT.2017.16
State	Published - 1 Mar 2017
Event	20th International Conference on Database Theory, ICDT 2017 - Venice, Italy Duration: 21 Mar 2017 → 24 Mar 2017

Publication series

Name	Leibniz International Proceedings in Informatics, LIPIcs
Volume	68
ISSN (Print)	1868-8969

Conference

Conference	20th International Conference on Database Theory, ICDT 2017
Country/Territory	Italy
City	Venice
Period	21/03/17 → 24/03/17

Funding

Funders	Funder number
Austrian National Research Network	S11403-N23
Austrian Science Fund

Keywords

Decidability
Program verification
Reasoning
SQL
Scripting language
Two-variable fragment of First Order logic
Web services

Access to Document

10.4230/LIPIcs.ICDT.2017.16

Cite this

Itzhaky, S., Kotek, T., Rinetzky, N., Sagiv, M., Tamir, O., Veith, H., & Zuleger, F. (2017). On the automated verification of web applications with embedded SQL. In G. Orsi, & M. Benedikt (Eds.), 20th International Conference on Database Theory, ICDT 2017 Article 16 (Leibniz International Proceedings in Informatics, LIPIcs; Vol. 68). Schloss Dagstuhl- Leibniz-Zentrum fur Informatik GmbH, Dagstuhl Publishing. https://doi.org/10.4230/LIPIcs.ICDT.2017.16

Itzhaky, Shachar ; Kotek, Tomer ; Rinetzky, Noam et al. / On the automated verification of web applications with embedded SQL. 20th International Conference on Database Theory, ICDT 2017. editor / Giorgio Orsi ; Michael Benedikt. Schloss Dagstuhl- Leibniz-Zentrum fur Informatik GmbH, Dagstuhl Publishing, 2017. (Leibniz International Proceedings in Informatics, LIPIcs).

@inproceedings{5b21638546624bc1bb06e5b84123a55e,

title = "On the automated verification of web applications with embedded SQL",

abstract = "A large number of web applications is based on a relational database together with a program, typically a script, that enables the user to interact with the database through embedded SQL queries and commands. In this paper, we introduce a method for formal automated verification of such systems which connects database theory to mainstream program analysis. We identify a fragment of SQL which captures the behavior of the queries in our case studies, is algorithmically decidable, and facilitates the construction of weakest preconditions. Thus, we can integrate the analysis of SQL queries into a program analysis tool chain. To this end, we implement a new decision procedure for the SQL fragment that we introduce. We demonstrate practical applicability of our results with three case studies, a web administrator, a simple firewall, and a conference management system.",

keywords = "Decidability, Program verification, Reasoning, SQL, Scripting language, Two-variable fragment of First Order logic, Web services",

author = "Shachar Itzhaky and Tomer Kotek and Noam Rinetzky and Mooly Sagiv and Orr Tamir and Helmut Veith and Florian Zuleger",

note = "Publisher Copyright: {\textcopyright} Shachar Itzhaky, Tomer Kotek, Noam Rinetzky, Mooly Sagiv, Orr Tamir, Helmut Veith, and Florian Zuleger; licensed under Creative Commons License CC-BY 20th International Conference on Database Theory (ICDT 2017).; 20th International Conference on Database Theory, ICDT 2017 ; Conference date: 21-03-2017 Through 24-03-2017",

year = "2017",

month = mar,

day = "1",

doi = "10.4230/LIPIcs.ICDT.2017.16",

language = "אנגלית",

series = "Leibniz International Proceedings in Informatics, LIPIcs",

publisher = "Schloss Dagstuhl- Leibniz-Zentrum fur Informatik GmbH, Dagstuhl Publishing",

editor = "Giorgio Orsi and Michael Benedikt",

booktitle = "20th International Conference on Database Theory, ICDT 2017",

address = "גרמניה",

}

Itzhaky, S, Kotek, T, Rinetzky, N , Sagiv, M, Tamir, O, Veith, H & Zuleger, F 2017, On the automated verification of web applications with embedded SQL. in G Orsi & M Benedikt (eds), 20th International Conference on Database Theory, ICDT 2017., 16, Leibniz International Proceedings in Informatics, LIPIcs, vol. 68, Schloss Dagstuhl- Leibniz-Zentrum fur Informatik GmbH, Dagstuhl Publishing, 20th International Conference on Database Theory, ICDT 2017, Venice, Italy, 21/03/17. https://doi.org/10.4230/LIPIcs.ICDT.2017.16

On the automated verification of web applications with embedded SQL. / Itzhaky, Shachar; Kotek, Tomer; Rinetzky, Noam et al.
20th International Conference on Database Theory, ICDT 2017. ed. / Giorgio Orsi; Michael Benedikt. Schloss Dagstuhl- Leibniz-Zentrum fur Informatik GmbH, Dagstuhl Publishing, 2017. 16 (Leibniz International Proceedings in Informatics, LIPIcs; Vol. 68).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - On the automated verification of web applications with embedded SQL

AU - Itzhaky, Shachar

AU - Kotek, Tomer

AU - Rinetzky, Noam

AU - Sagiv, Mooly

AU - Tamir, Orr

AU - Veith, Helmut

AU - Zuleger, Florian

N1 - Publisher Copyright: © Shachar Itzhaky, Tomer Kotek, Noam Rinetzky, Mooly Sagiv, Orr Tamir, Helmut Veith, and Florian Zuleger; licensed under Creative Commons License CC-BY 20th International Conference on Database Theory (ICDT 2017).

PY - 2017/3/1

Y1 - 2017/3/1

N2 - A large number of web applications is based on a relational database together with a program, typically a script, that enables the user to interact with the database through embedded SQL queries and commands. In this paper, we introduce a method for formal automated verification of such systems which connects database theory to mainstream program analysis. We identify a fragment of SQL which captures the behavior of the queries in our case studies, is algorithmically decidable, and facilitates the construction of weakest preconditions. Thus, we can integrate the analysis of SQL queries into a program analysis tool chain. To this end, we implement a new decision procedure for the SQL fragment that we introduce. We demonstrate practical applicability of our results with three case studies, a web administrator, a simple firewall, and a conference management system.

AB - A large number of web applications is based on a relational database together with a program, typically a script, that enables the user to interact with the database through embedded SQL queries and commands. In this paper, we introduce a method for formal automated verification of such systems which connects database theory to mainstream program analysis. We identify a fragment of SQL which captures the behavior of the queries in our case studies, is algorithmically decidable, and facilitates the construction of weakest preconditions. Thus, we can integrate the analysis of SQL queries into a program analysis tool chain. To this end, we implement a new decision procedure for the SQL fragment that we introduce. We demonstrate practical applicability of our results with three case studies, a web administrator, a simple firewall, and a conference management system.

KW - Decidability

KW - Program verification

KW - Reasoning

KW - SQL

KW - Scripting language

KW - Two-variable fragment of First Order logic

KW - Web services

UR - http://www.scopus.com/inward/record.url?scp=85016220100&partnerID=8YFLogxK

U2 - 10.4230/LIPIcs.ICDT.2017.16

DO - 10.4230/LIPIcs.ICDT.2017.16

M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???

AN - SCOPUS:85016220100

T3 - Leibniz International Proceedings in Informatics, LIPIcs

BT - 20th International Conference on Database Theory, ICDT 2017

A2 - Orsi, Giorgio

A2 - Benedikt, Michael

PB - Schloss Dagstuhl- Leibniz-Zentrum fur Informatik GmbH, Dagstuhl Publishing

T2 - 20th International Conference on Database Theory, ICDT 2017

Y2 - 21 March 2017 through 24 March 2017

ER -

Itzhaky S, Kotek T, Rinetzky N , Sagiv M, Tamir O, Veith H et al. On the automated verification of web applications with embedded SQL. In Orsi G, Benedikt M, editors, 20th International Conference on Database Theory, ICDT 2017. Schloss Dagstuhl- Leibniz-Zentrum fur Informatik GmbH, Dagstuhl Publishing. 2017. 16. (Leibniz International Proceedings in Informatics, LIPIcs). doi: 10.4230/LIPIcs.ICDT.2017.16

On the automated verification of web applications with embedded SQL

Abstract

Publication series

Conference

Funding

Keywords

Access to Document

Other files and links

Fingerprint

Cite this