Martina Olliaro

Università Ca' Foscari Venezia | UNIVE · Department of Environmental Sciences, Informatics and Statistics

Strings are characterized by properties that either refer to their content (e.g., the set of contained characters) and to their shape (e.g., the character position and the length of the strings). In this paper, we present a general framework providing a systematic lifting of string domains through a segmentation abstraction, yielding to a more accu...

This book provides an overview about the open challenges in software verification. Software verification is a branch of software engineering aiming at guaranteeing that software applications satisfy some requirements of interest. Over the years, the software verification community has proposed and considered several techniques: abstract interpretat...

Watermarking techniques for relational data that aim at robustness face the challenge of guaranteeing watermark persistence despite aggressive attacks. Nevertheless, attackers cannot compromise watermark detection to their will since they must ensure the usability of the stolen data. Attacks that constitute a potential master-key for false ownershi...

Contrary to multimedia data watermarking approaches, it is not recommended that relational data watermarking techniques consider sequential selection for marks in the watermark and embedding locations in the digital asset being protected. Indeed, considering the database relations’ elements, i.e., tuple and attributes, when watermarking techniques...

Robust relational database watermarking techniques aim to preserve the watermark in the protected assets despite daily updates and malicious attacks. Nevertheless, most techniques do not analyze the root of operations that can degrade the embedded watermark signal, being that the case of Structured Query Language (SQL) queries for relational data....

In modern programming languages, more and more functionalities, such as reflection and data interchange, rely on string values. String analysis statically computes the set of string values that are possibly assigned to a variable, and it involves a certain degree of approximation. During the last decade, several abstract domains approximating strin...

Distortion-based watermarking techniques embed the watermark by performing tolerable changes in the digital assets being protected. For relational data, mark insertion can be performed over the different data types of the database relations’ attributes. An important goal for distortion-based approaches is to minimize as much as possible the changes...

In Abstract Interpretation, completeness ensures that the analysis does not lose information with respect to the property of interest. In particular, for dynamic languages like JavaScript, completeness of string analysis is a key security issue, as poorly managed string manipulation code may easily lead to significant security flaws. In this paper,...

Data type abstraction plays a crucial role in software verification. In this paper, we introduce a domain for abstracting strings in the C programming language, where strings are managed as null-terminated arrays of characters. The new domain M-String is parametrized on an index (bound) domain and a character domain. By means of these different con...

In relational database watermarking, the semantic consistency between the original database and the distorted one is a challenging issue which is disregarded by most watermarking proposals, due to the well-known assumption for which a small amount of errors in the watermarked database is tolerable. We propose a semantic-driven watermarking approach...

False ownership claims are carried on through additive and invertibility attacks and, as far as we know, current relational watermarking techniques are not always able to solve the ownership doubts raising from the latter attacks. In this paper, we focus on additive attacks. We extend a conventional image-based relational data watermarking scheme b...

Completeness in abstract interpretation is a well-known property, which ensures that the abstract framework does not lose information during the abstraction process, with respect to the property of interest. Completeness has been never taken into account for existing string abstract domains, due to the fact that it is difficult to prove it formally...

Automatic abstraction is a powerful software verification technique. In this paper, we elaborate an abstract domain for C strings, that is, null-terminated arrays of characters. We describe the abstract semantics of basic string operations and prove their soundness with regards to previously established concrete semantics of those operations. In ad...

We present a refined segmentation abstract domain for the analysis of strings in the C programming language, properly extending the parametric segmentation approach to array representation introduced by P. Cousot et al. to the case of text values. In particular, we capture the so-called string of interest of an array of chars, in order to distingui...