{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,16]],"date-time":"2025-10-16T01:00:58Z","timestamp":1760576458275,"version":"build-2065373602"},"publisher-location":"Singapore","reference-count":45,"publisher":"Springer Nature Singapore","isbn-type":[{"value":"9789819531813","type":"print"},{"value":"9789819531820","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,10,15]],"date-time":"2025-10-15T00:00:00Z","timestamp":1760486400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,10,15]],"date-time":"2025-10-15T00:00:00Z","timestamp":1760486400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026]]},"DOI":"10.1007\/978-981-95-3182-0_3","type":"book-chapter","created":{"date-parts":[[2025,10,15]],"date-time":"2025-10-15T19:16:48Z","timestamp":1760555808000},"page":"38-56","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Ghosts in\u00a0DBMS: Revealing the\u00a0Security Impacts of\u00a0Silent Fixes"],"prefix":"10.1007","author":[{"given":"Jialiang","family":"Dong","sequence":"first","affiliation":[]},{"given":"Zihan","family":"Ni","sequence":"additional","affiliation":[]},{"given":"Willy","family":"Susilo","sequence":"additional","affiliation":[]},{"given":"Siqi","family":"Ma","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,10,15]]},"reference":[{"key":"3_CR1","unstructured":"Mysql server, 2025. https:\/\/github.com\/mysql\/mysql-server"},{"key":"3_CR2","unstructured":"Postgresql: The world\u2019s most advanced open source relational database, 2025. https:\/\/www.postgresql.org\/"},{"key":"3_CR3","unstructured":"Tidb, 2025. https:\/\/github.com\/pingcap\/tidb"},{"key":"3_CR4","unstructured":"Myrocks: A rocksdb storage engine with mysql, 2025. https:\/\/myrocks.io\/"},{"key":"3_CR5","unstructured":"Sqlite home page, 2025. https:\/\/sqlite.org\/"},{"key":"3_CR6","unstructured":"Mariadb server: the innovative open source database, 2025. https:\/\/mariadb.org\/"},{"key":"3_CR7","unstructured":"What is amazon aurora?, 2025. https:\/\/docs.aws.amazon.com\/AmazonRDS\/latest\/AuroraUserGuide\/CHAP_AuroraOverview.html"},{"key":"3_CR8","unstructured":"Polardbx-engine, 2025. https:\/\/github.com\/polardb\/polardbx-engine"},{"key":"3_CR9","doi-asserted-by":"crossref","unstructured":"Zhou, J., et al.: Finding a needle in a haystack: automated mining of silent vulnerability fixes. In: IEEE\/ACM 36th International Conference on Automated Software Engineering (ASE), pp. 705\u2013716. IEEE, 2021","DOI":"10.1109\/ASE51524.2021.9678720"},{"key":"3_CR10","unstructured":"The problems with vulnerability reporting, 2023. https:\/\/readme.synack.com\/the-problems-with-vulnerability-reporting"},{"key":"3_CR11","unstructured":"The problems with vulnerability reporting, 2021. https:\/\/www.hackerone.com\/blog\/vulnerability-disclosure-whats-responsible-solution"},{"key":"3_CR12","unstructured":"Responsible vulnerability disclosure: Why it matters, 2021. https:\/\/outpost24.com\/blog\/responsible-vulnerability-disclosure\/"},{"key":"3_CR13","unstructured":"How mysql servers can attack you, 2023. https:\/\/conference.hitb.org\/hitbsecconf2023ams\/materials\/D2T1%20-%20How%20MySQL%20Servers%20Can%20Attack%20YOU%20-%20Martin%20Rahkmanov%20&%20Alexander%20Rubin.pdf"},{"key":"3_CR14","unstructured":"Cve-2023-21980, 2023. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-21980"},{"key":"3_CR15","doi-asserted-by":"crossref","unstructured":"Sun, J., et al.: Silent vulnerable dependency alert prediction with vulnerability key aspect explanation. In: IEEE\/ACM 45th International Conference on Software Engineering (ICSE), pp. 970\u2013982. IEEE, 2023","DOI":"10.1109\/ICSE48619.2023.00089"},{"key":"3_CR16","doi-asserted-by":"crossref","unstructured":"Zhou, J., et al.: Colefunda: explainable silent vulnerability fix identification. In: 2023 IEEE\/ACM 45th International Conference on Software Engineering (ICSE), pp. 2565\u20132577. IEEE, 2023","DOI":"10.1109\/ICSE48619.2023.00214"},{"key":"3_CR17","doi-asserted-by":"crossref","unstructured":"Wen, Z., et al.: Silent taint-style vulnerability fixes identification. In: Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA), pp. 428\u2013439, 2024","DOI":"10.1145\/3650212.3652139"},{"key":"3_CR18","doi-asserted-by":"crossref","unstructured":"Dunlap, T., Thorn, S., Enck, W., Reaves, B.: Finding fixed vulnerabilities with off-the-shelf static analysis. In: IEEE 8th European Symposium on Security and Privacy (EuroS &P), pp. 489\u2013505. IEEE, 2023","DOI":"10.1109\/EuroSP57164.2023.00036"},{"key":"3_CR19","unstructured":"Percona software for mysql, 2025. https:\/\/www.percona.com\/mysql\/software"},{"key":"3_CR20","doi-asserted-by":"crossref","unstructured":"Cubukcu, U., Erdogan, O., Pathak, S., Sannakkayala, S., Slot, M.: Citus: distributed postgresql for data-intensive applications. In: Proceedings of the 40th International Conference on Management of Data (SIGMOD), pp. 2490\u20132502, 2021","DOI":"10.1145\/3448016.3457551"},{"key":"3_CR21","unstructured":"Sqlcipher, 2025. https:\/\/github.com\/sqlcipher\/sqlcipher"},{"key":"3_CR22","unstructured":"Bug#33379702 ndb : Query thread tux relink logic error, 2023. https:\/\/github.com\/mysql\/mysql-server\/commit\/d37cb5b"},{"key":"3_CR23","doi-asserted-by":"crossref","unstructured":"Woo, S., Park, S., Kim, S., Lee, H., Oh, H.: Centris: a precise and scalable approach for identifying modified open-source software reuse. In: IEEE\/ACM 43rd International Conference on Software Engineering (ICSE), pp. 860\u2013872. IEEE, 2021","DOI":"10.1109\/ICSE43902.2021.00083"},{"key":"3_CR24","unstructured":"Universal ctags, 2025. https:\/\/github.com\/universal-ctags\/ctags"},{"key":"3_CR25","unstructured":"National vulnerability database, 2025. https:\/\/nvd.nist.gov\/"},{"key":"3_CR26","unstructured":"Official common platform enumeration (cpe) dictionary, 2025. https:\/\/nvd.nist.gov\/products\/cpe"},{"key":"3_CR27","doi-asserted-by":"crossref","unstructured":"Xu, S., et al.: Enhancing security in third-party library reuse - comprehensive detection of 1-day vulnerability through code patch analysis. In: ISOC 32th Network and Distributed System Security Symposium (NDSS), 2025","DOI":"10.14722\/ndss.2025.240576"},{"key":"3_CR28","doi-asserted-by":"crossref","unstructured":"Feng, Z., et\u00a0al.: Codebert: a pre-trained model for programming and natural languages. In: Findings of the 25th ACL Conference on Empirical Methods in Natural Language Processing (EMNLP), pp. 1536\u20131547, 2020","DOI":"10.18653\/v1\/2020.findings-emnlp.139"},{"key":"3_CR29","unstructured":"Linux kernel, 2025. https:\/\/github.com\/torvalds\/linux"},{"key":"3_CR30","unstructured":"Imagemagick, 2025. https:\/\/github.com\/ImageMagick\/ImageMagick"},{"key":"3_CR31","unstructured":"Welcome to the openssl projectl, 2025. https:\/\/github.com\/openssl\/openssl"},{"key":"3_CR32","unstructured":"Wordnet: A lexical database for english, 2025. https:\/\/wordnet.princeton.edu\/"},{"key":"3_CR33","unstructured":"Faiss documentation, 2025. https:\/\/faiss.ai\/"},{"key":"3_CR34","unstructured":"Gitpython documentation, 2025. https:\/\/gitpython.readthedocs.io\/"},{"key":"3_CR35","doi-asserted-by":"crossref","unstructured":"Wang, X., Sun, K., Batcheller, A., Jajodia, S.: Detecting \u201c0-day\u201d vulnerability: an empirical study of secret security patch in oss. In: 49th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 485\u2013492. IEEE, 2019","DOI":"10.1109\/DSN.2019.00056"},{"key":"3_CR36","doi-asserted-by":"crossref","unstructured":"Han, M., Wang, L., Chang, J., Li, B., Zhang, C.: Learning graph-based patch representations for identifying and assessing silent vulnerability fixes. In: IEEE 35th International Symposium on Software Reliability Engineering (ISSRE), pp. 120\u2013131. IEEE, 2024","DOI":"10.1109\/ISSRE62328.2024.00022"},{"key":"3_CR37","unstructured":"Cheng, Y., et al.: Fixseeker: an empirical driven graph-based approach for detecting silent vulnerability fixes in open source software. arXiv preprint arXiv:2503.20265, 2025"},{"key":"3_CR38","doi-asserted-by":"crossref","unstructured":"Rigger, M., Su, Z.: Finding bugs in database systems via query partitioning. Proc. 35th ACM Program. Lang. (OOPSLA) 4, 1\u201330 (2020)","DOI":"10.1145\/3428279"},{"key":"3_CR39","unstructured":"Liang, Y., Liu, S., Hu, H.: Detecting logical bugs of dbms with coverage-based guidance. In: 31st USENIX Security Symposium (USENIX Security), pp. 4309\u20134326, 2022"},{"key":"3_CR40","doi-asserted-by":"crossref","unstructured":"Jiang, Y., Liu, J., Ba, J., Yap, R.H., Liang, Z., Rigger, M.: Detecting logic bugs in graph database management systems via injective and surjective graph query transformation. In: Proceedings of the 46th IEEE\/ACM International Conference on Software Engineering (ICSE), pp. 1\u201312, 2024","DOI":"10.1145\/3597503.3623307"},{"key":"3_CR41","doi-asserted-by":"crossref","unstructured":"Mang, Q., Fang, A., Yu, B., Chen, H., He, P.: Testing graph database systems via equivalent query rewriting. In: Proceedings of the IEEE\/ACM 46th International Conference on Software Engineering (ICSE), pp. 1\u201312, 2024","DOI":"10.1145\/3597503.3639200"},{"key":"3_CR42","doi-asserted-by":"crossref","unstructured":"Cui, Z., et\u00a0al.: Understanding transaction bugs in database systems. In: Proceedings of the IEEE\/ACM 46th International Conference on Software Engineering (ICSE), pp. 1\u201313, 2024","DOI":"10.1145\/3597503.3639207"},{"key":"3_CR43","doi-asserted-by":"crossref","unstructured":"Fu, J., Liang, J., Wu, Z., Zhao, Y., Li, S., Jiang, Y.: Understanding and detecting sql function bugs: using simple boundary arguments to trigger hundreds of dbms bugs. In: Proceedings of the 20th European Conference on Computer Systems (EuroSys), pp. 1061\u20131076, 2025","DOI":"10.1145\/3689031.3696064"},{"key":"3_CR44","unstructured":"Liang, J., Wu, Z., Fu, J., Bai, Y., Zhang, Q., Jiang, Y.: Wingfuzz: implementing continuous fuzzing for dbmss. In: 43rd USENIX Annual Technical Conference (USENIX ATC), pp. 479\u2013492, 2024"},{"key":"3_CR45","doi-asserted-by":"crossref","unstructured":"Dong, J., Chen, X., Susilo, W., Sun, N., Shaghaghi, A., Ma, S.: What lies beneath: an empirical study of silent vulnerability fixes in open-source software. In: 55th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 485\u2013492. IEEE, 2025","DOI":"10.1109\/DSN64029.2025.00043"}],"container-title":["Lecture Notes in Computer Science","Data Security and Privacy Protection"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-981-95-3182-0_3","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,15]],"date-time":"2025-10-15T19:16:58Z","timestamp":1760555818000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-981-95-3182-0_3"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,10,15]]},"ISBN":["9789819531813","9789819531820"],"references-count":45,"URL":"https:\/\/doi.org\/10.1007\/978-981-95-3182-0_3","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,10,15]]},"assertion":[{"value":"15 October 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"DSPP","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Data Security and Privacy Protection","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Xi'an","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"China","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16 October 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18 October 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"3","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"dspp2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/dspp2025.xidian.edu.cn\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}