A Model-Based Fuzzing Approach for DBMS

Cited by: 0
Authors
Wang, Jiajie [1]
Zhang, Puhan [1]
Zhang, Lei [1]
Zhu, Haowen [2]
Ye, Xiaojun [2]
Affiliations
[1] China Informat Technol Secur Evaluat Ctr, Beijing, Peoples R China
[2] Tsinghua Univ, Sch Software, Beijing, Peoples R China
Funding
National Natural Science Foundation of China;
Keywords
security testing for DBMS; fuzzing framework; model-based testing; vulnerability discovery;
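DOI
Not available
Chinese Library Classification number
TM [Electrical engineering]; TN [Electronic technology, communication technology];
Discipline classification code
0808; 0809;
Abstract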
As one of the critical components of information infrastructure, the database management system (DBMS) faces various security challenges. Although fuzz testing has been used in the security evaluation of DBMSs, most current fuzzers focus on SQL syntax more than on the multi-phase interaction between the client and server of a DBMS. This paper presents a model-based fuzzing approach to discover vulnerabilities of DBMSs, which supports state-aware and multi-phase fuzz testing. Based on the model-based fuzzing framework, a finite state machine model, EXT-DBFSM, is proposed to manipulate the fuzzing process and guarantee the validation of test cases. The approach is implemented and experimented on several DBMSs. The result has proved the effectiveness of this approach: 14 vulnerabilities are discovered, including 10 unreleased ones.
Pages: 426 / 431
Number of pages: 6