Computer Science, 2026, Vol. 53, Issue (2): 133-144. doi: 10.11896/jsjkx.241200060

• Computer Architecture •

Research on Fuzz Testing Techniques for Closed-source DBMSs Based on Black-box Instrumentation

LI Zhongjie 1, LIANG Haotian 1, JIA Haoyang 1, WANG Qingxian 1, CAO Yan 1,2

  1 School of Cyberspace Security and Engineering, Zhengzhou University, Zhengzhou 450002, China
  2 Songshan Laboratory, Zhengzhou 450000, China
  • Received: 2024-12-09  Revised: 2025-03-18  Published: 2026-02-10
  • About author: LI Zhongjie, born in 1996, postgraduate, is a member of CCF (No. N1001G). His main research interest is database vulnerability discovery.
    CAO Yan, born in 1983, associate professor, Ph.D. supervisor, is a member of CCF (No. 17447S). His main research interest is vulnerability discovery.
  • Supported by:
    Songshan Laboratory-Funded Project (232102210124, ZZK202403002-03) and Henan Province Science and Technology Research Project (232102210124).

Abstract: DBMSs are widely used application software for managing business data, and their security is critical: any form of data leakage or corruption could lead to significant security issues. Currently, there are relatively few public research findings on vulnerability detection for closed-source DBMSs. To enable effective testing of closed-source DBMSs, a novel approach has been developed. It proposes methods based on grammar-structure mutation and semantic rule-based variable filling to generate test datasets in batches, creating syntactically and semantically correct complex SQL queries from the provided raw corpora; these inputs allow in-depth exploration of the deep logic of DBMSs. Additionally, a dynamic coverage analysis method based on Pin is introduced to collect real-time coverage data for closed-source DBMSs, and the coverage feedback is used to guide seed scheduling in fuzz testing. Based on these methods, an automated testing prototype tool for closed-source DBMSs, named OFuz, has been developed. Experiments conducted on Oracle and SQL Server validate the effectiveness of OFuz, demonstrating superior performance in test dataset generation and coverage analysis compared to other tools.
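The two generation steps named in the abstract (grammar-structure mutation of a raw corpus, then semantic rule-based variable filling) can be sketched in a few lines. The Python below is an added illustration, not code from the paper or from OFuz; it assumes a constructed toy schema, an invented placeholder syntax for corpus templates, and an in-memory SQLite database as a stand-in validity check for the closed-source target.

```python
import random
import re
import sqlite3

# Constructed toy catalog standing in for the target DBMS's schema (assumption; not OFuz's code).
SCHEMA = {"users": {"id": "int", "name": "text", "age": "int"},
          "orders": {"id": "int", "user_id": "int", "total": "real"}}
# Raw corpus as clause lists. Placeholders: <T> table, <C:type> column of <T>, <V:type> literal.
CORPUS = [["SELECT <C:any> FROM <T>", "WHERE <C:int> > <V:int>"],
          ["SELECT <C:any>, <C:any> FROM <T>", "ORDER BY <C:any> DESC", "LIMIT <V:int>"],
          ["SELECT * FROM <T>", "WHERE <C:text> = <V:text>"]]
ORDER = ["SELECT", "WHERE", "ORDER", "LIMIT"]  # legal clause order, restored after splicing
PH = re.compile(r"<([TCV]):?(\w*)>")

def mutate_structure(base, donor, rng):
    # Structure mutation: splice one donor clause into base (replacing a same-kind clause), keep legal order.
    clause = rng.choice(donor)
    kind = clause.split()[0]
    out = [c for c in base if c.split()[0] != kind] + [clause]
    return sorted(out, key=lambda c: ORDER.index(c.split()[0]))

def fill(template, rng):
    # Semantic filling: pick a table satisfying every typed column placeholder; resolve names from it only.
    text = " ".join(template)
    need = {t for k, t in PH.findall(text) if k == "C" and t != "any"}
    table = rng.choice([n for n, cols in SCHEMA.items() if need <= set(cols.values())])

    def resolve(m):
        kind, typ = m.groups()
        if kind == "T":
            return table
        if kind == "C":
            return rng.choice([c for c, t in SCHEMA[table].items() if typ in ("any", t)])
        return str(rng.randint(0, 99)) if typ == "int" else "'%s'" % rng.choice(["alice", "bob"])
    return PH.sub(resolve, text)

def executes(sql):
    # Validity check on an in-memory SQLite copy of SCHEMA (stand-in for the closed-source target).
    db = sqlite3.connect(":memory:")
    for name, cols in SCHEMA.items():
        db.execute("CREATE TABLE %s (%s)" % (name, ", ".join(f"{c} {t}" for c, t in cols.items())))
    try:
        db.execute(sql)
        return True
    except sqlite3.Error:
        return False

def generate(n, seed=1):
    # Batch generation: each query is a structural mutant of one corpus entry spliced with another.
    rng = random.Random(seed)
    queries = [fill(mutate_structure(rng.choice(CORPUS), rng.choice(CORPUS), rng), rng) for _ in range(n)]
    return queries, sum(executes(q) for q in queries)
```

Because column names are resolved only from the table chosen for the statement, every generated query passes the stand-in check; dropping the type filter in `fill` is an easy way to see how quickly semantically invalid inputs appear.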

Key words: Database security, Closed-source database management systems, Black-box testing, Fuzz testing, Coverage analysis

CLC Number: TP309