ZeroLeak: Using LLMs for Scalable and Cost Effective Side-Channel Patching
This provides a scalable and cost-effective solution for patching side-channel leakages in software like OpenSSL, addressing a resource and expertise gap, though it is incremental as it builds on existing LLM and detection tools.
The paper tackled the problem of patching side-channel vulnerabilities in security-critical software by using large language models (LLMs) to generate patches, achieving a cost of a few cents per vulnerability fixed with GPT-4.
Security critical software, e.g., OpenSSL, comes with numerous side-channel leakages left unpatched due to a lack of resources or experts. The situation will only worsen as the pace of code development accelerates, with developers relying on Large Language Models (LLMs) to automatically generate code. In this work, we explore the use of LLMs in generating patches for vulnerable code with microarchitectural side-channel leakages. For this, we investigate the generative abilities of powerful LLMs by carefully crafting prompts following a zero-shot learning approach. All generated code is dynamically analyzed by leakage detection tools, which are capable of pinpointing information leakage at the instruction level leaked either from secret dependent accesses or branches or vulnerable Spectre gadgets, respectively. Carefully crafted prompts are used to generate candidate replacements for vulnerable code, which are then analyzed for correctness and for leakage resilience. From a cost/performance perspective, the GPT4-based configuration costs in API calls a mere few cents per vulnerability fixed. Our results show that LLM-based patching is far more cost-effective and thus provides a scalable solution. Finally, the framework we propose will improve in time, especially as vulnerability detection tools and LLMs mature.