[Review] DynSQL: Stateful Fuzzing for Database Management Systems with Complex and Valid SQL Query Generation
Posted Updated Research3 minutes read (About 511 words)

[Review] DynSQL: Stateful Fuzzing for Database Management Systems with Complex and Valid SQL Query Generation

Link here

The paper designs a stateful DBMS fuzzer called DynSQL. DynSQL adopts two new methods: Dynamic Query Interaction and Error Feedback.

Instead of generating all of the SQL queries before performing them, Dynamic Query Interaction allows the fuzzer to fuzz the DBMSs “step-by-step”, that is, dynamically determine the next statement after executing every prior statement.

Also, Error Feedback allows the seed generation to generate more valid SQL statements and queries.

Background:

Former DBMS testing tools: SQLsmith, SQUIRREL, SQLancer.

Existing DBMS fuzzers are still limited in generating complex and valid queries to find deep bugs in DBMSs.

SQLsmith generates only one statement in each query, SQUIRREL produces over 50% invalid queries and tends to generate simple statements.

SQLancer aims to figuring out logic bugs of DBMSs rather than general bugs.

Read more
[Review] autofz: Automated Fuzzer Composition at Runtime
Posted Updated Research2 minutes read (About 254 words)

[Review] autofz: Automated Fuzzer Composition at Runtime

Link here

This paper proposes a new fuzzing mechanism which integrates several fuzzers to perform a unique fuzzing process. For every workload, one or several optimal mixture of fuzzers are employed for fuzzing. Unlike the early work, autofz:

  1. Do not need presetting and human efforts.
  2. Allocate fuzzers for every workload, rather than every program.

Background:

  • A large amount of fuzzers have been created, which makes it difficult to choose a proper fuzzer for a specific fuzzing.
  • No universal fuzzer perpetually outperforms others, so choosing a optimal fuzzer will be difficult.
  • The efficiency of a fuzzer may not last for the whole fuzzing process.
  • Fuzzing is a random process, a optimal fuzzer may not always be that case.
Read more
[Review] MINER: A Hybrid Data-Driven Approach for REST API Fuzzing
Posted Updated Research3 minutes read (About 424 words)

[Review] MINER: A Hybrid Data-Driven Approach for REST API Fuzzing

Link here

This paper proposed a new approach for API fuzzing, which:

  1. Focuses more on the long sequence query.
  2. Induces a customized attention model to support fuzzing process.
  3. Implements a new data-driven security rule checker to capture the new kind of errors caused by undefined parameters.

[1]: REST standard, usually including GET, POST, PUT, DELETE.

Motivation:

Cloud service testing is important, but early works(like RESTler) fail to generate long request sequence for testing, which is not enough to detect deep errors hidden in hard-to-reach states of cloud services. MINER applies length oriented mechanisms to generate long request sequence, and applies a attention model to help pass the semantic checking. Further more, it applies a data-driven security rule checker to capture the new kind of errors caused by undefined parameters.

Read more
Follow

Links

Recents

Categories

Archives

Tags

20071
20121
20131
20161
20181
20191
20202
20213
20223
20239
20245
ASE2
ASE 20161
ASE 20241
Binary Search1
CCS3
CCS 20191
CCS 20201
CCS 20231
CHI1
CHI 20211
Dynamic Programming1
ESEM1
ESEM 20211
ICSE5
ICSE 20071
ICSE 20121
ICSE 20231
ICSE 20242
IEEE S&P3
IEEE S&P 20232
IEEE S&P 20241
ISSTA2
ISSTA 20221
ISSTA 20231
Jottings2
LeetCode2
NDSS1
NDSS 20241
OSDI1
OSDI 20201
Paper Review28
SOSP2
SOSP 20211
SOSP 20231
TSE3
TSE 20131
TSE 20222
USENIX Security4
USENIX Security 20181
USENIX Security 20233
汇编1
算法2
自学笔记5
计算机系统3

Subscribe for updates

×