UNMASQUE
Hidden Query Extractor




Database Systems Lab
Indian Institute of Science




About UNMASQUE
Welcome to the UNMASQUE software developed at the Database Systems Lab, Indian Institute of Science. UNMASQUE is an easy-to-use graphical tool for non-invasively and efficiently extracting SQL queries that are hidden in black-box executables. It is written entirely in Python 3 and is operational on the PostgreSQL and Microsoft SQL Server database engines.

The problem of unmasking SQL queries hidden within database applications has a variety of use-cases ranging from legacy code to server security. To address this problem, we have developed UNMASQUE, an extraction algorithm that is capable of identifying a substantive class of hidden SPJGAOL queries. A special feature of our design is that the extraction is non-invasive with respect to the application code, examining only the results obtained from its executions on databases derived with a combination of data mutation and data generation techniques. Further, potent optimizations, such as database size reduction to a few rows, are incorporated to minimize the extraction overheads. A detailed evaluation over benchmark databases demonstrates that UNMASQUE is capable of correctly and efficiently extracting complex hidden queries.

Downloads
Technical Report pdf

Demo Video


Contact
Email: haritsa [AT] iisc [dot] ac [dot] in

Primary Contributors (in chronological order of participation)