A Model-Based Fuzzing Approach for DBMS

被引：0

作者：

Wang, Jiajie ^{[1
]}

Zhang, Puhan ^{[1
]}

Zhang, Lei ^{[1
]}

Zhu, Haowen ^{[2
]}

Ye, Xiaojun ^{[2
]}

机构：

[1] China Informat Technol Secur Evaluat Ctr, Beijing, Peoples R China

[2] Tsinghua Univ, Sch Software, Beijing, Peoples R China

来源：

2013 8TH INTERNATIONAL ICST CONFERENCE ON COMMUNICATIONS AND NETWORKING IN CHINA (CHINACOM) | 2013年

基金：

中国国家自然科学基金;

关键词：

security testing for DBMS; fuzzing framework; model-based testing; vulnerability discovery;

D O I：

暂无

中图分类号：

TM [电工技术]; TN [电子技术、通信技术];

学科分类号：

0808 ; 0809 ;

摘要：

As one of critical components of information infrastructure, database management system (DBMS) faces various security challenges. Although fuzz testing has been used in the security evaluation of DBMS, most of current fuzzers focus on SQL syntax more than multi-phase interaction between the client and server of DBMS. This paper presents a model-based fuzzing approach to discover vulnerabilities of DBMSs, which supports state-aware and multi-phase fuzz testing. Based on the model-based fuzzing framework, a finite state machine model EXT-DBFSM is proposed to manipulate the fuzzing process and guarantee the validation of test cases. The approach is implemented and experimented on several DBMSs. The result has proved effectiveness of this approach, 14 vulnerabilities are discovered, including 10 unreleased ones.

引用

页码：426 / 431

页数：6

共 50 条

[41] A crop model-based approach for sunflower yields
Dal Belo Leite, Joao Guilherme
Silva, Joao Vasco
Justino, Flavio Barbosa
van Ittersum, Martin K.
SCIENTIA AGRICOLA, 2014, 71 (05): : 345 - 355
[42] A model-based approach to higher education instruction
Cohen, EB
ASSOCIATION FOR INFORMATION SYSTEMS PROCEEDINGS OF THE AMERICAS CONFERENCE ON INFORMATION SYSTEMS, 1998, : 1044 - 1046
[43] Recovery in deep dysphasia: A model-based approach
Huber, Walter
Ablinger, Irene
Abel, Stefanie
BRAIN AND LANGUAGE, 2007, 103 (1-2) : 166 - 167
[44] A Model-Based Approach to Assess Epidemic Risk
Hugo Dolan
Riccardo Rastelli
Statistics in Biosciences, 2022, 14 : 452 - 484
[45] Model-based approach to video perception and motion
Porat, M.
PERCEPTION, 2000, 29 : 20 - 20
[46] A model-based approach to sequential fault diagnosis
Pietersma, Jurryt
van Gemund, Arjan J. C.
Bos, Andre
AUTOTESTCON 2005, 2005, : 621 - 627
[47] Foundations of Computational Imaging: A Model-Based Approach
Layton, Anita T.
SIAM REVIEW, 2024, 66 (03)
[48] Testing Environment Emulation - A Model-based Approach
Liu, Jian
Grundy, John
Abdelrazek, Mohamed
Avazpour, Iman
MODELSWARD: PROCEEDINGS OF THE 5TH INTERNATIONAL CONFERENCE ON MODEL-DRIVEN ENGINEERING AND SOFTWARE DEVELOPMENT, 2017, : 112 - 124
[49] PROCESS MONITORING AND DIAGNOSIS - A MODEL-BASED APPROACH
DVORAK, D
KUIPERS, B
IEEE EXPERT-INTELLIGENT SYSTEMS & THEIR APPLICATIONS, 1991, 6 (03): : 67 - 74
[50] AN INTEGRATIVE MODEL-BASED APPROACH TO HOSPITAL LAYOUT
BUTLER, TW
KARWAN, KR
SWEIGART, JR
REEVES, GR
IIE TRANSACTIONS, 1992, 24 (02) : 144 - 152

← 1 2 3 4 5 →