Semi-Automatic Bug Generation Using Test Case Negation

Cited by: 0
Authors
Westland, Tyler [1 ]
Niu, Nan [1 ]
Jhaa, Rashmi [1 ]
Kapp, David [2 ]
Kebede, Temesguen [2 ]
Affiliations
[1] Univ Cincinnati, Cincinnati, OH 45221 USA
[2] AFRL RYWA, Dayton, OH USA
Source
PROCEEDINGS OF THE 2021 IEEE INTERNATIONAL CONFERENCE ON CYBER SECURITY AND RESILIENCE (IEEE CSR) | 2021
DOI
10.1109/CSR51186.2021.9527992
Chinese Library Classification
TP [Automation technology, computer technology];
Discipline classification code
0812 ;
Abstract
This paper considers the threat of a rogue developer introducing a bug in third-party software. The threat model is explored by flipping a patch generation system to generate bugs, instead of removing them. The intended effects of the bugs are described with negated test cases, which are automatically chosen through clustering. The system is then applied to seven programs, with a bug being generated in three that would be undetectable by conventional anti-virus software. Identifying potential attack surfaces is key to expanding cyber security research. This work concludes that a concise and non-redundant program is resistant to a patch generation system using line insertion, replacement, or deletion. Further research is proposed to investigate patch generation systems using different transformation operations as well as other test negation methods.
Pages: 141-146
Page count: 6