Research on Security Risks Detection of MySQL

doi:10.3969/j.issn.1671-1122.2016.09.001

Netinfo Security ›› 2016, Vol. 16 ›› Issue (9): 1-5.doi: 10.3969/j.issn.1671-1122.2016.09.001

• Orginal Article • Next Articles

Research on Security Risks Detection of MySQL

Xuefen LIU^1,^2,³, Rongxin SUN^1,²(), Luning XIA^1,², Wei LI^4,⁵

1. Data Assurance and Communication Security Research Center, Chinese Academy of Sciences, Beijing 100093, China
2. Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China
3. University of Chinese Academy of Sciences, Beijing 100049, China
4. Beijing Engineering Laboratory of Smart Network Authentication, Beijing 100085, China
5. Feitian Technology Co., Ltd., Beijing 100085, China

Received:2016-07-25 Online:2016-09-20 Published:2020-05-13

Abstract

Abstract:

Database management system (DBMS) is large software for manipulating and managing databases, which is widely used in E-commerce, social networks and other application systems. Today, attacks against company core data and personal privacy data stored in databases are becoming considerable threats, a great amount of which, mainly SQL injection, exploit the flaw of DBMS’s security design. Thus it is quite necessary to evaluate the security of DBMS design, and examine whether the implement satisfies the DBMS standards. Despite the emergence of NoSQL and other Non-relational DBMS, rational DBMS still dominates. MySQL is the most popular open source DBMS nowadays. This paper introduces DCS MySQL Test Suit, a DBMS secure evaluation system in the perspective of conformance, and implements it on MySQL. The system evaluates the semantic security of MySQL based on the SQL92 standard, and has advantages of lightweight and easy transplantation.

Key words: DBMS, MySQL, conformance testing, security testing

CLC Number:

TP309

Xuefen LIU, Rongxin SUN, Luning XIA, Wei LI. Research on Security Risks Detection of MySQL[J]. Netinfo Security, 2016, 16(9): 1-5.

Figures/Tables 2

References 13

[1]	RAMAKRISHNAN R, GEHRKE J, RAMAKRISHNAN R, et al.Database Management Systems[M]. New York: McGraw-Hill Science/Engineering/Math, 2002.
[2]	MySQL. MySQL Standard Edition [EB/OL]. , 2016-5-11.
[3]	MySQL. MySQL Reference Manual V4.0.13[EB/OL]. , 2016-5-14.
[4]	Cindy. 美国第二大医疗保险公司Anthem遭黑客入侵近8000万用户数据泄露[EB/OL]. , 2016-5-12.
[5]	MORGENROTH S. Command Injection Vulnerability[EB/OL]. , 2016-4-16.
[6]	李鑫,张维纬,隋子畅,等. 新型SQL注入机器防御技术研究与分析[J]. 信息网络安全,2016(2):66-73.
[7]	孙义,胡雨霁,黄皓. 基于序列比对的SQL注入攻击检测方法[J]. 计算机应用研究,2010,27(9):3525-3528.
[8]	田玉杰,赵泽茂,王丽君,等. 基于分类的SQL注入攻击双层防御模型研究[J]. 信息网络安全,2015(6):1-6.
[9]	TARWIREYI P. A Comparative Investigation and Evaluation of Oracle 9i and SQL Server 2000 with Respect to Integrity and SQL Language Standards[EB/OL]. , 2016-5-23.
[10]	KREIBICH J.Using SQLite[M]. California: O'Reilly Media, Inc, 2010.
[11]	FLATER D, GALLAGHER L, HURWITZ S, et al. User’s Guide for SQL Test Suite V6.0[EB/OL]. , 2016-5-26.
[12]	ISO/IEC 9075:1992 Database Language SQL[S]. New York: American National Standards Institutes West, 1991.
[13]	刘文生,乐德广,刘伟,等. SQL注入攻击与防御技术研究[J].信息网络安全,2015(9):129-134.

Research on Security Risks Detection of MySQL

RichHTML

PDF (PC)

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 2

References 13

Related Articles 2

Recommended Articles

Metrics

Comments

[1]	LI Bin, BAI Shu-jun, SONG Huai-gang. A Homomorphic Encryption Scheme on Online DBMS with Multilevel Secure Mechanism [J]. 信息网络安全, 2014, 14(12): 12-15.
[2]	. Research on Security of Network Examination System based on Java Web Start Technology [J]. , 2013, 13(4): 0-0.