Semi-Automatic Bug Generation Using Test Case Negation
Tyler Westland, Nan Niu, R. Jha, David Kapp, T. Kebede
2021 IEEE International Conference on Cyber Security and Resilience (CSR), published 2021-07-26
DOI: 10.1109/CSR51186.2021.9527992 (https://doi.org/10.1109/CSR51186.2021.9527992)
Citations: 0
Abstract
This paper considers the threat of a rogue developer introducing a bug in third-party software. The threat model is explored by flipping a patch generation system to generate bugs, instead of removing them. The intended effects of the bugs are described with negated test cases, which are automatically chosen through clustering. The system is then applied to seven programs, with a bug being generated in three that would be undetectable by conventional anti-virus software. Identifying potential attack surfaces is key to expanding cyber security research. This work concludes that a concise and non-redundant program is resistant to a patch generation system using line insertion, replacement, or deletion. Further research is proposed to investigate patch generation systems using different transformation operations as well as other test negation methods.