F-logic language is a logic database language based on frame logic. It is powerful in expressing object-oriented features. However, there was littIe work discussing its capability of manipulating complex objects. In t...F-logic language is a logic database language based on frame logic. It is powerful in expressing object-oriented features. However, there was littIe work discussing its capability of manipulating complex objects. In this paper, the authors compare the capability of F-logic with that of logic database languages represented by COL. Through two pairs of semantic-preserving transformations, F-logic programs and their Herbrand interpretations can be transformed into COL programs and their corresponding Herbrand interpretations, and vice versa. Also, the effects of negation are discussed. The results of this paper indicate that, without consideration of the effects of OID generating, F-logic language has the same power in manipulating complex objects as COL, LDL1,and ELPS.展开更多
Logic flaws within web applications will allow malicious operations to be triggered towards back-end database. Existing approaches to identifying logic flaws of database accesses are strongly tied to structured query ...Logic flaws within web applications will allow malicious operations to be triggered towards back-end database. Existing approaches to identifying logic flaws of database accesses are strongly tied to structured query language (SQL) statement construction and cannot be applied to the new generation of web applications that use not only structured query language (NoSQL) databases as the storage tier. In this paper, we present Lom, a black-box approach for discovering many categories of logic flaws within MongoDB- based web applications. Our approach introduces a MongoDB operation model to support new features of MongoDB and models the application logic as a mealy finite state machine. During the testing phase, test inputs which emulate state violation attacks are constructed for identifying logic flaws at each application state. We apply Lom to several MongoDB-based web applications and demonstrate its effectiveness.展开更多
文摘F-logic language is a logic database language based on frame logic. It is powerful in expressing object-oriented features. However, there was littIe work discussing its capability of manipulating complex objects. In this paper, the authors compare the capability of F-logic with that of logic database languages represented by COL. Through two pairs of semantic-preserving transformations, F-logic programs and their Herbrand interpretations can be transformed into COL programs and their corresponding Herbrand interpretations, and vice versa. Also, the effects of negation are discussed. The results of this paper indicate that, without consideration of the effects of OID generating, F-logic language has the same power in manipulating complex objects as COL, LDL1,and ELPS.
基金supported by China Scholarship Council,Tianjin Science and Technology Committee(No.12JCZDJC20800)Science and Technology Planning Project of Tianjin(No.13ZCZDGX01098)+2 种基金NSF TRUST(The Team for Research in Ubiquitous Secure Technology)Science and Technology Center(No.CCF-0424422)National High Technology Research and Development Program of Chia(863Program)(No.2013BAH01B05)National Natural Science Foundation of China(No.61402264)
文摘Logic flaws within web applications will allow malicious operations to be triggered towards back-end database. Existing approaches to identifying logic flaws of database accesses are strongly tied to structured query language (SQL) statement construction and cannot be applied to the new generation of web applications that use not only structured query language (NoSQL) databases as the storage tier. In this paper, we present Lom, a black-box approach for discovering many categories of logic flaws within MongoDB- based web applications. Our approach introduces a MongoDB operation model to support new features of MongoDB and models the application logic as a mealy finite state machine. During the testing phase, test inputs which emulate state violation attacks are constructed for identifying logic flaws at each application state. We apply Lom to several MongoDB-based web applications and demonstrate its effectiveness.
