Conan: Uncover Consensus Issues in Distributed Databases Using Fuzzing-driven Fault Injection
Consensus is critical for distributed databases as it ensures the consistency of states across nodes, reinforcing the robustness of the overall system. However, faults related to consensus protocols such as Paxos can lead to serious issues in distributed databases. Such consensus issues impact the correctness and availability of these databases. Therefore, to automatically uncover consensus issues in distributed databases, we propose Conan, a framework designed with fuzzing-driven fault injection. Conan applies a state-guided fuzzing algorithm to effectively explore the fault search space. Moreover, Conan employs hybrid fault sequences that combine fine-grained message-level faults and coarse-grained system-level faults to enhance fault injection. We implement and evaluate Conan on 3 widely-used distributed databases, including etcd, rqlite and openGauss. Finally, Conan has successfully uncovered previously unknown consensus issues, some of which are not detected by existing approaches.
Fri 7 Mar. Displayed time zone: Eastern Time (US & Canada)
15:30 - 17:00 | Software Security | Early Research Achievement (ERA) Track / Research Papers at L-1710 | Chair(s): Sabbir M. Saleh (University of Western Ontario)
15:30 | 15m | Talk | Characterizing Logs in Vulnerability Reports: In-Depth Analysis and Security Implications | Research Papers | Yao Shu (Wuhan University); Lianyu Zheng (Wuhan University); Jinfu Chen (Wuhan University); Jifeng Xuan (Wuhan University)
15:45 | 15m | Talk | Conan: Uncover Consensus Issues in Distributed Databases Using Fuzzing-driven Fault Injection | Research Papers | Haojia Huang (Sun Yat-sen University); Pengfei Chen (Sun Yat-sen University); Guangba Yu (Sun Yat-sen University); Haiyu Huang (Sun Yat-sen University); Jia Chang (Huawei); Jun Li (Huawei); Jian Han (Huawei)
16:00 | 15m | Talk | Dissecting APKs from Google Play: Trends, Insights and Security Implications | Research Papers | Pedro Jesús Ruiz Jiménez (University of Luxembourg); Jordan Samhi (University of Luxembourg, Luxembourg); Tegawendé F. Bissyandé (University of Luxembourg); Jacques Klein (University of Luxembourg)
16:15 | 15m | Talk | WakeMint: Detecting Sleepminting Vulnerabilities in NFT Smart Contracts | Research Papers | Lei Xiao (Sun Yat-sen University); Shuo Yang (Sun Yat-sen University); Wen Chen (Energy Development Research Institute, China Southern Power Grid Company Limited); Zibin Zheng (Sun Yat-sen University)
16:30 | 7m | Talk | On Categorizing Open Source Software Security Vulnerability Reporting Mechanisms on GitHub | Early Research Achievement (ERA) Track | Sushawapak Kancharoendee; Thanat Phichitphanphong; Chanikarn Jongyingyos (Mahidol University); Brittany Reid (Nara Institute of Science and Technology); Raula Gaikovina Kula (Osaka University); Morakot Choetkiertikul (Mahidol University, Thailand); Chaiyong Rakhitwetsagul (Mahidol University, Thailand); Thanwadee Sunetnanta (Mahidol University)