A Model-Based Fuzzing Approach for DBMS

Cited by: 0
Authors
Wang, Jiajie [1 ]
Zhang, Puhan [1 ]
Zhang, Lei [1 ]
Zhu, Haowen [2 ]
Ye, Xiaojun [2 ]
Affiliations
[1] China Informat Technol Secur Evaluat Ctr, Beijing, Peoples R China
[2] Tsinghua Univ, Sch Software, Beijing, Peoples R China
Funding
National Natural Science Foundation of China;
Keywords
security testing for DBMS; fuzzing framework; model-based testing; vulnerability discovery;
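DOI
Not available
Chinese Library Classification number
TM [Electrical engineering]; TN [Electronic technology, communication technology];
Discipline classification code
0808 ; 0809 ;
Abstract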
As one of the critical components of information infrastructure, the database management system (DBMS) faces various security challenges. Although fuzz testing has been used in the security evaluation of DBMSs, most current fuzzers focus on SQL syntax more than on the multi-phase interaction between the client and server of a DBMS. This paper presents a model-based fuzzing approach to discover vulnerabilities in DBMSs, which supports state-aware and multi-phase fuzz testing. Based on the model-based fuzzing framework, a finite state machine model, EXT-DBFSM, is proposed to manipulate the fuzzing process and guarantee the validation of test cases. The approach is implemented and experimented on several DBMSs. The result has proved the effectiveness of this approach: 14 vulnerabilities are discovered, including 10 unreleased ones.
Pages: 426 / 431
Number of pages: 6