Thu, Apr 30, 2020 @ 10:00 AM - 01:00 PM
Title: Detecting SQL Antipatterns in Mobile Applications
PhD Candidate: Yingjun Lyu
William GJ Halfond (Chair)
Local databases underpin important features in many mobile applications. However, bad programming practices of using database operations, also called SQL antipatterns, can introduce high resource consumption, affect the responsiveness, and undermine the security of a mobile application.
In my dissertation, I designed and evaluated a framework, called SAND, to detect SQL antipatterns effectively and efficiently in mobile apps. The framework abstracts away the interactions between the application and the database. It provides a language that allows the framework users to query abstractions of application-database relationships and specify SQL antipattern detection tasks. To determine what kinds of application-database relationships should be abstracted, I first conducted a systematic literature review to collect a comprehensive list of SQL antipatterns and their detection approaches. I then analyzed the collected detection approaches and derived the abstractions from them. In order to extract the abstractions from the database access code, I developed a range of static analysis techniques that can analyze the database access code effectively and efficiently. Using experiments on the framework implementation for Android, I showed that SAND can be used to compactly (in 12-74 lines of code) specify SQL antipattern detection tasks previously reported in the literature. These detectors built on top of SAND precisely identified thousands of instances of SQL antipatterns with a precision of at least 99.4%. These detectors were also fast as applying eleven detectors only took an average of forty-one seconds per app. Overall, these results are positive and indicate that my framework can detect all kinds of SQL antipatterns effectively and efficiently in mobile apps.
WebCast Link: https://usc.zoom.us/j/94586333967
Audiences: Everyone Is Invited
Contact: Lizsl De Leon