The University of Sheffield
School of Computer Science

Euan Rochester Undergraduate Dissertation 2017/18

Fuzzing DBMS Engines

Supervised by P. McMinn

Abstract

Different DBMSs (Database Management Systems) interpret the SQL (Structured Query Language) standard differently, leading to confusion and potential security issues. This project aims to compile a comprehensive list of these differences automatically, by using fuzzing and mutation techniques to find SQL statements that will make different DBMSs behave differently. Currently I have implemented a system to convert the SQL grammar into a parser, a seedable semi-random generator, and a statement mutation tool. However, so far the tool has no guidance to its random generation or statement mutation, and sometimes overflows its stack while generating or mutating statements, as the heuristics I am using to bound the size of the generated statement (the SQL grammar is recursive and has no inherent upper bound to the size of a statement) are not sufficient. Once I have overcome this hurdle, I hope to implement guided generation, ideally by leveraging the power of existing mutation tools such as AFL (discussed in the technical survey).
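
The following is an added example, not code from the dissertation or its tool: a seedable generator over a recursive grammar whose recursion is bounded by a depth budget. The toy grammar, the function names and the minimum-depth technique are assumptions chosen for illustration; the abstract does not say which heuristics the project uses.

```python
import random

# Constructed toy grammar (a tiny SELECT subset, not the full SQL grammar).
# Keys are nonterminals; any other symbol is a terminal token.
GRAMMAR = {
    "query": [["SELECT", "expr", "FROM", "table"],
              ["SELECT", "expr", "FROM", "table", "WHERE", "expr"]],
    "table": [["t1"], ["(", "query", ")", "AS", "sub"]],
    "expr":  [["col"], ["1"], ["expr", "+", "expr"], ["(", "expr", ")"],
              ["EXISTS", "(", "query", ")"]],
}

def min_depths(grammar):
    """Fixed point: least derivation depth needed to finish each nonterminal."""
    depth = {nt: float("inf") for nt in grammar}
    changed = True
    while changed:
        changed = False
        for nt, prods in grammar.items():
            best = min(prod_depth(p, depth) for p in prods)
            if best < depth[nt]:
                depth[nt], changed = best, True
    return depth

def prod_depth(prod, depth):
    """Depth of a production: 1 + the deepest nonterminal it contains."""
    return 1 + max((depth[s] for s in prod if s in depth), default=0)

MIN_DEPTH = min_depths(GRAMMAR)

def generate(symbol, budget, rng):
    """Expand symbol using at most `budget` nested expansions."""
    if symbol not in GRAMMAR:
        return [symbol]
    # Only productions that can still terminate within the budget are eligible,
    # so every recursive call is guaranteed a non-empty choice below it.
    fits = [p for p in GRAMMAR[symbol] if prod_depth(p, MIN_DEPTH) <= budget]
    if not fits:
        raise ValueError(f"budget {budget} too small for {symbol}")
    out = []
    for s in rng.choice(fits):
        out.extend(generate(s, budget - 1, rng))
    return out

def statement(seed, budget=6):
    """Same seed and budget always yield the same statement."""
    return " ".join(generate("query", budget, random.Random(seed)))

if __name__ == "__main__":
    print(statement(2018))
```

Because the call depth never exceeds the budget, the generator cannot overflow the stack however recursive the grammar is, and a differing result between two DBMSs can be reproduced from the seed alone.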