Search for: database-schemas
Article Information Systems ; Volume 56 , 2016 , Pages 135-156 ; 03064379 (ISSN) ; Amini, M ; Sharif University of Technology
Nowadays, a large volume of an organization's sensitive data is stored in databases making them attractive to attackers. The useful information attackers try to obtain in the preliminary steps, is the database structure or schema. One of the popular approaches to infer and extract the schema of a database is to analyze the returned error messages from its DBMS. In this paper, we propose a framework to handle and modify the error messages automatically in order to prevent schema revealing. To this aim, after identifying and introducing an appropriate set of categories of error messages, each error message that is returned from a DBMS is placed in a proper category. According to the policy...
M.Sc. Thesis Sharif University of Technology ; Amini, Morteza
Nowadays large volume of sensitive data of organizations are stored in the databases. Thus, databases are attractive to the attackers to execute different types of attacks with different purposes. The useful information that attackers try to achieve in the preliminary steps of the attacks against the databases, is the database structure or schema. One of the popular approach to extract the schema of a database is to analyze the returned error messages from its DBMS. Hence, a solution to prevent schema disclosure via the error messages is customizing and modifying them. To achieve this goal, in this thesis, we propose a framework to handle and customize the error messages automatically and...
Article IEEE International Conference on Electro Information Technology, 15 May 2011 through 17 May 2011, Mankato, MN ; 2011 ; 21540357 (ISSN) ; Mirian Hosseinabadi, S. H ; IEEE Region 4 (R4) ; Sharif University of Technology
Automatic translation of a high-level specification language to an executable implementation would be highly useful in maximizing the benefits of formal methods. We will introduce a set of translation functions to fill the specification-implementation gap in the domain of database applications. Because the mathematical foundation of Z has many properties in common with SQL, a direct mapping from Z to SQL structures can be found. We derive a set of translation functions from Z to SQL for the generation of a database. The proposed methodology results in reducing the expenses and duration of the software development, and also, prevents the errors originated from the manual translation of...