About | Contact Us | Register | Login
ProceedingsSeriesJournalsSearchEAI
8th International Conference on Communications and Networking in China

Research Article

A Model-Based Fuzzing Approach for DBMS

Cite
BibTeX Plain Text
  • @INPROCEEDINGS{10.1109/ChinaCom.2013.6694634,
        author={jiajie wang and Puhan Zhang and Lei Zhang and Haowen Zhu and Xiaojun Ye},
        title={A Model-Based Fuzzing Approach for DBMS},
        proceedings={8th International Conference on Communications and Networking in China},
        publisher={IEEE},
        proceedings_a={CHINACOM},
        year={2013},
        month={11},
        keywords={security testing for dbms fuzzing framework model-based testing vulnerability discovery},
        doi={10.1109/ChinaCom.2013.6694634}
    }
    
  • jiajie wang
    Puhan Zhang
    Lei Zhang
    Haowen Zhu
    Xiaojun Ye
    Year: 2013
    A Model-Based Fuzzing Approach for DBMS
    CHINACOM
    IEEE
    DOI: 10.1109/ChinaCom.2013.6694634
jiajie wang1, Puhan Zhang1, Lei Zhang1, Haowen Zhu2,*, Xiaojun Ye2
  • 1: China Information Technology Security Evaluation Center
  • 2: Tsinghua University
*Contact email: zhuhw12@mails.tsinghua.edu.cn

Abstract

As one of critical components of information infra-structure, database management system (DBMS) faces various security challenges. Although fuzz testing has been used in the security evaluation of DBMS, most of current fuzzers focus on SQL syntax more than multi-phase interaction between the client and server of DBMS. This paper presents a model-based fuzzing approach to discover vulnerabilities of DBMSs, which supports state-aware and multi-phase fuzz testing. Based on the model-based fuzzing framework, a finite state machine model EXT-DBFSM is proposed to manipulate the fuzzing process and guarantee the validation of test cases. The approach is implemented and experimented on several DBMSs. The result has proved effectiveness of this approach, 14 vulnerabilities are discovered, including 10 unreleased ones.

Keywords
security testing for dbms fuzzing framework model-based testing vulnerability discovery
Published
2013-11-14
Publisher
IEEE
http://dx.doi.org/10.1109/ChinaCom.2013.6694634
Copyright © 2013–2025 IEEE
EBSCOProQuestDBLPDOAJPortico
EAI Logo

About EAI

  • Who We Are
  • Leadership
  • Research Areas
  • Partners
  • Media Center

Community

  • Membership
  • Conference
  • Recognition
  • Sponsor Us

Publish with EAI

  • Publishing
  • Journals
  • Proceedings
  • Books
  • EUDL