Automated Generation of Bug Samples Based on Source Code Analysis

Tianming Zheng, Zhixin Tong, Ping Yi, Yue Wu
DOI: https://doi.org/10.1109/apsec57359.2022.00017
2022-01-01
Abstract: With the development of software vulnerability analysis, the evaluation of different bug-detecting tools has become quite important for selecting better-performing ones and improving existing approaches. To obtain a convincing evaluation result, a well-constructed vulnerability corpus is indispensable. However, existing corpora are either constructed from real-world bugs or artificially designed, and they suffer from various problems such as small volume and lack of ground truth. Thus, generating large-scale bug corpora in an automated way has attracted wide attention. In this paper, we propose an automated vulnerability injection system to generate code samples with triggerable vulnerabilities. Specifically, the system analyzes a host program with a symbolic execution tool to generate high-coverage test cases. Meanwhile, it identifies potential bug injection points and performs static taint analysis to mark tainted variables and their relevance to those injection points. Based on these variables, the system modifies the host program into vulnerable code samples whose injected bugs can be verified (that is, triggered) by the generated test cases. The system realizes the injection of buffer overflow vulnerabilities in C/C++ programs. A case study demonstrates the injection process, and the evaluation presents our advantages in the realism and volume of the generated bug samples as well as in solving high-coverage test cases.
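The injection workflow the abstract describes, as an added illustration in C (not the paper's system or code): a small host function with a tainted length parameter, the same function after an injection, and the test cases a symbolic-execution-driven generator would be expected to produce for it. The specific transformation (making the bounds check conditional on a second tainted variable `mode`), the canary placed after the buffer as the oracle for "did this test case trigger the bug", and the sample inputs are all assumptions made for this demo.

```c
/* Added illustration, not code from the paper's system: a host function,
 * the same function after an assumed buffer-overflow injection, and the
 * test cases a symbolic-execution-driven generator would be expected to
 * produce for it. A canary placed after the buffer acts as the oracle for
 * whether a test case actually triggers the injected bug. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16                 /* logical message buffer size */
#define CANARY_SIZE 4
#define STORAGE_SIZE (BUF_SIZE + CANARY_SIZE)

/* The logical buffer is the first BUF_SIZE bytes of `storage`; the canary
 * sits in the CANARY_SIZE bytes right after it. Keeping both inside one
 * array means an overflow of the logical buffer lands on the canary and
 * stays inside a single object, so the demo has no undefined behaviour. */
struct record {
    unsigned char storage[STORAGE_SIZE];
};

static const unsigned char CANARY[CANARY_SIZE] = {0xDE, 0xAD, 0xBE, 0xEF};

static void record_init(struct record *r) {
    memset(r->storage, 0, BUF_SIZE);
    memcpy(r->storage + BUF_SIZE, CANARY, CANARY_SIZE);
}

/* Copies len bytes of the message into the logical buffer. Used by both
 * variants below; the bounds check (or its absence) lives in the callers. */
static void copy_in(struct record *r, const unsigned char *msg, size_t len) {
    for (size_t i = 0; i < len; i++)
        r->storage[i] = msg[i];
}

/* Host program before injection: `len` is tainted (derived from input)
 * and is clamped correctly, so the copy can never pass the buffer. */
static void store_message_host(struct record *r, const unsigned char *msg, size_t len) {
    if (len > BUF_SIZE)
        len = BUF_SIZE;
    copy_in(r, msg, len);
}

/* Assumed injected variant: the clamp is made conditional on a second
 * tainted variable `mode`, so the path (mode != 0 && len > BUF_SIZE)
 * reaches the copy with an unchecked tainted length. That path condition
 * is what a generated test case must satisfy to trigger the bug. */
static void store_message_injected(struct record *r, const unsigned char *msg, size_t len, int mode) {
    if (mode == 0 && len > BUF_SIZE)
        len = BUF_SIZE;
    copy_in(r, msg, len);   /* tainted len flows here unchecked when mode != 0 */
}

/* Oracle: 1 if the canary after the logical buffer was overwritten. */
static int overflow_detected(const struct record *r) {
    return memcmp(r->storage + BUF_SIZE, CANARY, CANARY_SIZE) != 0;
}

/* Runs one test case against the host (injected == 0) or the injected
 * (injected != 0) variant and returns whether the overflow was triggered.
 * The harness caps len at STORAGE_SIZE so the experiment itself stays
 * memory-safe; the variants under test never apply that cap themselves. */
int run_case(int injected, const unsigned char *msg, size_t len, int mode) {
    struct record r;
    if (len > STORAGE_SIZE)
        len = STORAGE_SIZE;
    record_init(&r);
    if (injected)
        store_message_injected(&r, msg, len, mode);
    else
        store_message_host(&r, msg, len);
    return overflow_detected(&r);
}

int main(void) {
    /* Constructed test cases standing in for symbolic-execution output:
     * 8 bytes (benign) and 20 bytes (fills the buffer plus the canary). */
    static const unsigned char benign[] = "AAAAAAAA";
    static const unsigned char trigger[] = "AAAAAAAAAAAAAAAAAAAA";
    size_t nb = sizeof benign - 1, nt = sizeof trigger - 1;

    printf("host,     20 bytes, mode 1: overflow=%d\n", run_case(0, trigger, nt, 1));
    printf("injected,  8 bytes, mode 1: overflow=%d\n", run_case(1, benign, nb, 1));
    printf("injected, 20 bytes, mode 0: overflow=%d\n", run_case(1, trigger, nt, 0));
    printf("injected, 20 bytes, mode 1: overflow=%d\n", run_case(1, trigger, nt, 1));
    return 0;
}
```

Only the last case reports an overflow: the host variant never overflows, and the injected variant needs both tainted variables on the bug path (`mode != 0` and `len > BUF_SIZE`), which is exactly the kind of path constraint a symbolic executor must solve for a test case to count as verifying the injected sample.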