CryptoDB
LLMs can do it better: Patching Code for Side-Channel Leakages
| Authors: | |
|---|---|
| Download: | |
| Presentation: | Slides |
| Abstract: | Security critical software comes with numerous side-channel leakages left unpatched due to a lack of resources or experts. The situation will only worsen as the pace of code development accelerates, with developers relying on Large Language Models (LLMs) to automatically generate code. In this work, we explore the use of LLMs in generating patches for vulnerable code with microarchitectural side-channel leakages. For this, we investigate the generative abilities of powerful LLMs by carefully crafting prompts following a zero-shot learning approach. All generated code is dynamically analyzed by leakage detection tools which are capable of pinpointing information leakage at the instruction level leaked either from secret dependent accesses or branches or vulnerable Spectre gadgets, respectively. Carefully crafted prompts are used to generate candidate replacements for vulnerable code which are then analyzed for correctness and for leakage resilience. After extensive experimentation, we determined that the way prompts are formed and stacked over a series of queries plays a critical role in the LLMs' ability to generate correct and leakage-free patches. We develop a number of tricks to improve the chances of correct and side-channel secure code. Moreover, when we compare various LLMs, we found that OpenAI's GPT4 is far superior compared to Google PaLM and Meta LLaMA in generating patches with nearly all leakages fixed in a microbenchmark of vulnerable codes as well as Spectre v1 gadgets. We also found that GPT4 is more successful than GPT3.5 in generating both correct and secure code, with many failed attempts observed in the latter. As for efficiency, GPT4 provides a far more efficient patch with up to 10 times less overhead when compared to the clang compiler-supported lfence Spectre mitigation. The GPT4-based configuration costs in API calls a mere few cents per vulnerability fixed. |
| Video: | https://youtu.be/ebGKQUi6gOI |
BibTeX
@misc{rwc-2024-35384,
title={LLMs can do it better: Patching Code for Side-Channel Leakages},
note={Video at \url{https://youtu.be/ebGKQUi6gOI}},
howpublished={Talk given at RWC 2024},
author={M. Caner Tol and Berk Sunar},
year=2024
}