A Model-Based Fuzzing Approach for DBMS

被引：0

作者：

Wang, Jiajie ^{[1
]}

Zhang, Puhan ^{[1
]}

Zhang, Lei ^{[1
]}

Zhu, Haowen ^{[2
]}

Ye, Xiaojun ^{[2
]}

机构：

[1] China Informat Technol Secur Evaluat Ctr, Beijing, Peoples R China

[2] Tsinghua Univ, Sch Software, Beijing, Peoples R China

来源：

2013 8TH INTERNATIONAL ICST CONFERENCE ON COMMUNICATIONS AND NETWORKING IN CHINA (CHINACOM) | 2013年

基金：

中国国家自然科学基金;

关键词：

security testing for DBMS; fuzzing framework; model-based testing; vulnerability discovery;

D O I：

暂无

中图分类号：

TM [电工技术]; TN [电子技术、通信技术];

学科分类号：

0808 ; 0809 ;

摘要：

As one of critical components of information infrastructure, database management system (DBMS) faces various security challenges. Although fuzz testing has been used in the security evaluation of DBMS, most of current fuzzers focus on SQL syntax more than multi-phase interaction between the client and server of DBMS. This paper presents a model-based fuzzing approach to discover vulnerabilities of DBMSs, which supports state-aware and multi-phase fuzz testing. Based on the model-based fuzzing framework, a finite state machine model EXT-DBFSM is proposed to manipulate the fuzzing process and guarantee the validation of test cases. The approach is implemented and experimented on several DBMSs. The result has proved effectiveness of this approach, 14 vulnerabilities are discovered, including 10 unreleased ones.

引用

页码：426 / 431

页数：6

共 50 条

[21] KNN model-based approach in classification
Guo, GD
Wang, H
Bell, D
Bi, YX
Greer, K
ON THE MOVE TO MEANINGFUL INTERNET SYSTEMS 2003: COOPIS, DOA, AND ODBASE, 2003, 2888 : 986 - 996
[22] Model-based approach to human recognition
Lao, ZQ
Ling, L
PROCEEDINGS OF THE FIFTH JOINT CONFERENCE ON INFORMATION SCIENCES, VOLS 1 AND 2, 2000, : A433 - A436
[23] An algebraic approach to model-based diagnosis
Luan, Shangmin
Magnani, Lorenzo
Dai, Guozhong
MODEL-BASED REASONING IN SCIENCE, TECHNOLOGY, AND MEDICINE, 2007, 64 : 467 - +
[24] GraphQL Federation: A Model-Based Approach
Stunkel, Patrick
von Bargen, Ole
Rutle, Adrian
Lamo, Yngve
JOURNAL OF OBJECT TECHNOLOGY, 2020, 19 (02):
[25] Requirement Traceability: A Model-Based Approach
Badreddin, Omar
Sturm, Arnon
Lethbridge, Timothy C.
2014 IEEE 4TH INTERNATIONAL MODEL-DRIVEN REQUIREMENTS ENGINEERING WORKSHOP (MODRE), 2014, : 87 - 91
[26] COMPLIANT LOCOMOTION: A MODEL-BASED APPROACH
Hopkins, Michael
Griffin, Robert
Lednessa, Alexander
MECHANICAL ENGINEERING, 2015, 137 (06)
[27] Model-Based approach IDS design
Monzer, Mohamad Houssein
Beydoun, Kamal
Flaus, Jean-Marie
2019 6TH INTERNATIONAL CONFERENCE ON CONTROL, DECISION AND INFORMATION TECHNOLOGIES (CODIT 2019), 2019, : 477 - 482
[28] A model-based approach to natural ventilation
Mahdavi, Ardeshir
Proeglhoef, Claus
BUILDING AND ENVIRONMENT, 2008, 43 (04) : 620 - 627
[29] A model-based approach to clock synchronization
Freris, Nikolaos M.
Borkar, Vivek S.
Kumar, P. R.
PROCEEDINGS OF THE 48TH IEEE CONFERENCE ON DECISION AND CONTROL, 2009 HELD JOINTLY WITH THE 2009 28TH CHINESE CONTROL CONFERENCE (CDC/CCC 2009), 2009, : 5744 - 5749
[30] A Model-Based Approach to Software Refactoring
Verebi, Ioana
2015 31ST INTERNATIONAL CONFERENCE ON SOFTWARE MAINTENANCE AND EVOLUTION (ICSME) PROCEEDINGS, 2015, : 606 - 609

← 1 2 3 4 5 →