US-12619760-B2 - Compositional reasoning of information flow in scripted query language
Abstract
A method implements compositional reasoning of information flow in scripted query language. The method includes gating access to a database using a policy that includes a policy scope defined by a set of policy tuples extracted from a set of policy queries. The method further includes preventing execution of a runtime query requesting access to the database. The method further includes extracting a set of runtime tuples from the runtime query and comparing the set of runtime tuples to the set of policy tuples to form an access determination identifying a runtime scope of the runtime query being within the policy scope of the policy. The method further includes executing the runtime query in response to the access determination.
Inventors
- Kostyantyn VOROBYOV
- Padmanabhan Krishnan
- François Gauthier
Assignees
- ORACLE INTERNATIONAL CORPORATION
Dates
- Publication Date: 2026-05-05
- Application Date: 2023-10-23
Claims (18)
- 1. A method comprising: gating access to a database using a policy comprising a policy scope comprising a set of policy tuples extracted from a set of policy queries; preventing execution of a runtime query requesting access to the database by not executing the runtime query; extracting a set of runtime tuples from the runtime query, wherein the set of runtime tuples comprises a runtime tuple comprising a disclosed component and an accessible component, and wherein the runtime tuple further comprises a syntactic component, a function component, and an alias component; comparing the set of runtime tuples to the set of policy tuples to form an access determination identifying a runtime scope of the runtime query comprised by the policy scope of the policy; and executing the runtime query in response to the access determination.
- 2. The method of claim 1, wherein gating access to the database comprises: extracting a set of policy tuples from the set of policy queries to form the policy comprising the policy scope.
- 3. The method of claim 1, wherein extracting the set of runtime tuples comprises: identifying a set of disclosed columns referenced by the runtime query and represented by a disclosed component of a runtime tuple of the set of runtime tuples, wherein the set of disclosed columns comprises a disclosed column selected by the runtime query.
- 4. The method of claim 1, wherein extracting the set of runtime tuples comprises: identifying a set of accessible columns referenced by the runtime query and represented by the accessible component of a runtime tuple of the set of runtime tuples, wherein the set of accessible columns comprises an access column used to manipulate a result of the runtime query.
- 5. The method of claim 1, wherein extracting the set of runtime tuples comprises: identifying a set of syntactic constructs in the runtime query and represented by a syntactic component of a runtime tuple of the set of runtime tuples, wherein the set of syntactic constructs comprises a syntactic construct used to manipulate a result of the runtime query.
- 6. The method of claim 1, wherein extracting the set of runtime tuples comprises: identifying a set of functions in the runtime query represented by a function component of a runtime tuple of the set of runtime tuples, wherein the set of functions comprises a function to be applied to data for a result from the runtime query.
- 7. The method of claim 1, wherein extracting the set of runtime tuples comprises: identifying a set of alias names in the runtime query represented by an alias component of a runtime tuple of the set of runtime tuples, wherein the set of functions comprises a function to be applied to data for a result from the runtime query.
- 8. The method of claim 1, wherein extracting the set of runtime tuples comprises: parsing the runtime query to generate a syntax tree.
- 9. The method of claim 1, wherein extracting the set of runtime tuples comprises: computing an alias table from a syntax tree parsed from the runtime query; decomposing the syntax tree with the alias table to form an ordered list of operations; and folding the ordered list of operations to form a runtime tuple of the set of runtime tuples.
- 10. A system comprising: at least one processor; an application executing on the at least one processor to perform: gating access to a database using a policy comprising a policy scope comprising a set of policy tuples extracted from a set of policy queries; preventing execution of a runtime query requesting access to the database by not executing the runtime query; extracting a set of runtime tuples from the runtime query, wherein the set of runtime tuples comprises a runtime tuple comprising a disclosed component and an accessible component, and wherein the runtime tuple further comprises a syntactic component, a function component, and an alias component; comparing the set of runtime tuples to the set of policy tuples to form an access determination identifying a runtime scope of the runtime query comprised by the policy scope of the policy; and executing the runtime query in response to the access determination.
- 11. The system of claim 10, wherein gating access to the database comprises: extracting a set of policy tuples from the set of policy queries to form the policy comprising the policy scope.
- 12. The system of claim 10, wherein extracting the set of runtime tuples comprises: identifying a set of disclosed columns referenced by the runtime query and represented by a disclosed component of a runtime tuple of the set of runtime tuples, wherein the set of disclosed columns comprises a disclosed column selected by the runtime query.
- 13. The system of claim 10, wherein extracting the set of runtime tuples comprises: identifying a set of accessible columns referenced by the runtime query and represented by the accessible component of a runtime tuple of the set of runtime tuples, wherein the set of accessible columns comprises an access column used to manipulate a result of the runtime query.
- 14. The system of claim 10, wherein extracting the set of runtime tuples comprises: identifying a set of syntactic constructs in the runtime query and represented by a syntactic component of a runtime tuple of the set of runtime tuples, wherein the set of syntactic constructs comprises a syntactic construct used to manipulate a result of the runtime query.
- 15. The system of claim 10, wherein extracting the set of runtime tuples comprises: identifying a set of functions in the runtime query represented by a function component of a runtime tuple of the set of runtime tuples, wherein the set of functions comprises a function to be applied to data for a result from the runtime query.
- 16. The system of claim 10, wherein extracting the set of runtime tuples comprises: identifying a set of alias names in the runtime query represented by an alias component of a runtime tuple of the set of runtime tuples, wherein the set of functions comprises a function to be applied to data for a result from the runtime query.
- 17. The system of claim 10, wherein extracting the set of runtime tuples comprises: parsing the runtime query to generate a syntax tree; computing an alias table from the syntax tree parsed from the runtime query; decomposing a syntax tree with the alias table to form an ordered list of operations; and folding the ordered list of operations to form a runtime tuple of the set of runtime tuples.
- 18. A non-transitory computer readable storage medium storing computer readable program code which, when executed by a processor, performs: gating access to a database using a policy comprising a policy scope comprising a set of policy tuples extracted from a set of policy queries; preventing execution of a runtime query requesting access to the database by not executing the runtime query; extracting a set of runtime tuples from the runtime query, wherein the set of runtime tuples comprises a runtime tuple comprising a disclosed component and an accessible component, and wherein the runtime tuple further comprises a syntactic component, a function component, and an alias component; comparing the set of runtime tuples to the set of policy tuples to form an access determination identifying a runtime scope of the runtime query comprised by the policy scope of the policy; and executing the runtime query in response to the access determination.
Description
BACKGROUND
Structured query language (SQL) queries are statements used in programming to interact with databases. The queries are employed to retrieve, manipulate, or manage data stored within a database system. The structured query language allows developers to communicate with databases using commands such as SELECT, INSERT, UPDATE, DELETE, etc., enabling tasks like fetching specific data, adding new records, modifying existing data, and removing entries.
Injection attacks pose a security concern within the realm of queries of databases. Injection attacks may occur when malicious actors exploit vulnerabilities in input fields of applications that use queries. By injecting specially crafted input, attackers can manipulate the structure of the queries to gain unauthorized access to a database, which can lead to unauthorized data retrieval, modification, deletion, etc., which may compromise the integrity and confidentiality of sensitive information. A challenge is to guard against injection attacks in a manner that is seamless to users and administrators.
SUMMARY
In general, in one or more aspects, the disclosure relates to a method implementing compositional reasoning of information flow in scripted query language. The method includes gating access to a database using a policy that includes a policy scope defined by a set of policy tuples extracted from a set of policy queries. The method further includes preventing execution of a runtime query requesting access to the database. The method further includes extracting a set of runtime tuples from the runtime query and comparing the set of runtime tuples to the set of policy tuples to form an access determination identifying a runtime scope of the runtime query being within the policy scope of the policy. The method further includes executing the runtime query in response to the access determination.
In general, in one or more aspects, the disclosure relates to a system implementing compositional reasoning of information flow in scripted query language. The system includes at least one processor and an application executing on the at least one processor. The application performs gating access to a database using a policy that includes a policy scope defined by a set of policy tuples extracted from a set of policy queries. The application further performs preventing execution of a runtime query requesting access to the database. The application performs extracting a set of runtime tuples from the runtime query and comparing the set of runtime tuples to the set of policy tuples to form an access determination identifying a runtime scope of the runtime query being within the policy scope of the policy. The application performs executing the runtime query in response to the access determination.
In general, in one or more aspects, the disclosure relates to a non-transitory computer readable storage medium storing computer readable program code which, when executed by a processor, implements compositional reasoning of information flow in scripted query language. The program code performs gating access to a database using a policy that includes a policy scope defined by a set of policy tuples extracted from a set of policy queries. The program code performs preventing execution of a runtime query requesting access to the database. The program code performs extracting a set of runtime tuples from the runtime query. A runtime tuple, of the set of runtime tuples, includes one or more of a disclosed component, an accessed component, a syntactic component, a function component, and an alias component. The program code performs comparing the set of runtime tuples to the set of policy tuples to form an access determination identifying a runtime scope of the runtime query being within the policy scope of the policy. The program code performs executing the runtime query in response to the access determination.
Other aspects of the one or more embodiments will be apparent from the following description and the appended claims.
BRIEF DESCRIPTION OF DRAWINGS
FIG. 1 shows a computing system, in accordance with one or more embodiments of the disclosure. FIG. 2 shows a method in accordance with one or more embodiments of the disclosure. FIG. 3A, FIG. 3B, FIG. 4A, FIG. 4B, FIG. 4C, FIG. 5A, FIG. 5B, FIG. 5C, FIG. 6, and FIG. 7 show examples in accordance with one or more embodiments of the disclosure. FIG. 8A and FIG. 8B show a computing system and network environment, in accordance with one or more embodiments of the disclosure. Like elements in the various figures are denoted by like reference numerals for consistency.
DETAILED DESCRIPTION
Embodiments of the disclosure use compositional reasoning of information flow to secure access to databases in a manner that is seamless to users and administrators. To restrict access to a database, a policy is created. An administrator may create a policy by providing examples of queries (referred to as policy queries) that define the scope of
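As an added example (not the patent's own code), a small Python model of the gating scheme described in claim 1, claim 9 and the summary above: each SELECT is folded into the five claimed components, the policy scope is the component-wise union over the administrator's policy queries, and a runtime query executes only if every component is a subset of that scope. QueryTuple, extract, policy_scope, gate and the sample queries are constructed names, and a regex tokenizer stands in for the syntax tree and alias table of claim 9.

```python
import re
from dataclasses import dataclass
# Hypothetical names and constructed sample queries for this example; not the patent's own code.
KEYWORDS = {"SELECT", "FROM", "WHERE", "AND", "OR", "NOT", "IN", "IS", "NULL", "LIKE", "AS",
            "ORDER", "GROUP", "BY", "HAVING", "UNION", "LIMIT", "ASC", "DESC", "DISTINCT"}
CLAUSE = re.compile(r"\b(WHERE|ORDER\s+BY|GROUP\s+BY|HAVING|UNION|LIMIT)\b", re.I)
FUNC = re.compile(r"\b([A-Za-z_]\w*)\s*\(")                   # a name followed by "(" is a call
ALIAS = re.compile(r"\bAS\s+([A-Za-z_]\w*)", re.I)             # alias introduced with AS
IDENT = re.compile(r"\b([A-Za-z_]\w*(?:\.\w+)?)\b(?!\s*\()")   # column references, not calls
SEGMENT = re.compile(r"SELECT\s+(.*?)\s+FROM\s+(\w+)(.*?)(?=\bSELECT\b|$)", re.I | re.S)
@dataclass(frozen=True)
class QueryTuple:                 # the five components the claims name for one query
    disclosed: frozenset          # columns handed back to the caller (SELECT list)
    accessible: frozenset         # columns used to shape the result (WHERE, ORDER BY, ...)
    syntactic: frozenset          # result-manipulating clauses
    functions: frozenset          # functions applied to data
    aliases: frozenset            # alias names

    def within(self, scope):      # runtime scope lies within policy scope: every component a subset
        return all(getattr(self, f) <= getattr(scope, f) for f in self.__dataclass_fields__)
def _column_refs(text, table, skip):
    text = re.sub(r"'[^']*'", "", text)  # string literals are data, not column names
    names = (i for i in IDENT.findall(text) if i.upper() not in KEYWORDS and i.lower() not in skip)
    return {i.lower() if "." in i else f"{table.lower()}.{i.lower()}" for i in names}

def extract(query):
    """Fold a SELECT statement into its QueryTuple (regex-based, not a full SQL parser)."""
    aliases = {a.lower() for a in ALIAS.findall(query)}
    funcs = {f.lower() for f in FUNC.findall(query)}
    clauses = {re.sub(r"\s+", " ", c.upper()) for c in CLAUSE.findall(query)}
    disclosed, accessible = set(), set()
    for cols, table, rest in SEGMENT.findall(query):   # a UNION yields several segments
        disclosed |= _column_refs(cols, table, aliases)
        accessible |= _column_refs(rest, table, aliases)
    return QueryTuple(*map(frozenset, (disclosed, accessible, clauses, funcs, aliases)))
def policy_scope(policy_queries):  # component-wise union of the policy queries' tuples
    tuples = [extract(q) for q in policy_queries]
    return QueryTuple(*(frozenset().union(*(getattr(t, f) for t in tuples))
                        for f in QueryTuple.__dataclass_fields__))
def gate(runtime_query, scope):    # access determination: True means execute the query
    return extract(runtime_query).within(scope)
# Constructed policy queries: the administrator's examples of permitted access.
POLICY_QUERIES = ["SELECT name, email FROM users WHERE id = 42",
                  "SELECT COUNT(id) AS n FROM users WHERE created > '2024-01-01' ORDER BY created"]

if __name__ == "__main__":
    scope = policy_scope(POLICY_QUERIES)
    print(gate("SELECT email FROM users WHERE id = 7", scope))  # True
    print(gate("SELECT name FROM users WHERE id = 7 OR 1=1 UNION SELECT password FROM users", scope))  # False
```

The second runtime query is refused on two components at once: its disclosed set gains users.password and its syntactic set gains UNION, neither of which any policy query put in scope.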