A hybrid LLM workflow can help identify user privilege related variables in programs of any size
arXiv (2024)
Abstract
Many programs contain operations and logic that manipulate user privileges,
which are essential to the security of an organization. One common goal of
attackers is therefore to obtain or escalate privileges, causing privilege
leakage. To protect the program and the organization against privilege leakage
attacks, the vulnerabilities that can be exploited to mount such attacks must
be eliminated. Unfortunately, while memory vulnerabilities are comparatively
easy to find, logic vulnerabilities are more imminent, more harmful and harder
to identify. Accordingly, many analysts first locate user privilege related
(UPR) variables and use them as starting points for investigating the code in
which those variables are used, looking for vulnerabilities, especially logic
ones. In this paper, we introduce a large language model (LLM) workflow that
assists analysts in identifying such UPR variables, a task that is considered
very time-consuming. Specifically, our tool audits every variable in a program
and outputs a UPR score for each of them: the degree of relationship
(closeness) between the variable and user privileges. The proposed approach
avoids the drawbacks of directly prompting an LLM to find UPR variables by
applying the LLM at the statement level instead of supplying it with very long
code snippets. Variables with high UPR scores are potential UPR variables and
should be investigated manually. Our experiments show that with a typical UPR
score threshold (i.e., UPR score > 0.8), the false positive rate (FPR) is only
13.49%
more than that of the heuristic based method.
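The abstract's central design choice is to score each variable from the short statements that mention it rather than from whole functions or files. The following sketch is an added example and is not the paper's tool or code: it slices a Python program into per-variable statements with the standard `ast` module, scores each statement with a pluggable scorer, aggregates those scores into one UPR score per variable, and flags variables above the 0.8 threshold the abstract quotes. Two things are assumptions, not the paper's method: the keyword-based `keyword_statement_scorer` stands in for the per-statement LLM judgment (a real deployment would prompt the model with that one statement and parse a 0..1 answer), and the variable score is taken as the mean of its statement scores. `SAMPLE_SOURCE` and every identifier in it are constructed for illustration.

```python
"""Statement-level UPR scoring sketch (added example, not the paper's implementation)."""
import ast
import builtins
from collections.abc import Callable

# Constructed sample program under audit. Only `role` and `is_admin` are
# privilege related; everything else is ordinary request handling.
SAMPLE_SOURCE = '''
def handle_request(session, db, item_id):
    user = db.lookup_user(session.user_id)
    role = user.role
    is_admin = role == "admin"
    page_size = 20
    items = db.list_items(item_id, page_size)
    if is_admin:
        db.delete_item(item_id)
    log_line = "viewed " + str(item_id)
    return items
'''

# Simple statements are taken whole; for compound statements only the header
# condition is used, so each unit stays a single short line.
SIMPLE_STMTS = (ast.Assign, ast.AugAssign, ast.AnnAssign, ast.Expr,
                ast.Return, ast.Assert, ast.Raise, ast.Delete)

# Assumed stand-in for the LLM: a statement counts as privilege related if it
# mentions one of these tokens. A real scorer would send the statement to an LLM.
PRIVILEGE_TOKENS = ("admin", "role", "privilege", "perm", "root", "sudo",
                    "uid", "superuser")


def statements_per_variable(source: str) -> dict[str, list[str]]:
    """Map every non-builtin variable name to the short statements that mention it."""
    tree = ast.parse(source)
    table: dict[str, list[str]] = {}
    for node in ast.walk(tree):
        if isinstance(node, SIMPLE_STMTS):
            text = ast.get_source_segment(source, node)
            names_root = node
        elif isinstance(node, (ast.If, ast.While)):
            keyword = "if" if isinstance(node, ast.If) else "while"
            text = f"{keyword} {ast.get_source_segment(source, node.test)}:"
            names_root = node.test
        else:
            continue
        if text is None:
            continue
        for name_node in ast.walk(names_root):
            # Skip builtins such as str(); they are never program variables.
            if isinstance(name_node, ast.Name) and name_node.id not in vars(builtins):
                stmts = table.setdefault(name_node.id, [])
                if text not in stmts:
                    stmts.append(text)
    return table


def keyword_statement_scorer(statement: str) -> float:
    """Assumed placeholder for the per-statement LLM judgment: 1.0 if the
    statement mentions a privilege token, else 0.0."""
    lowered = statement.lower()
    return 1.0 if any(tok in lowered for tok in PRIVILEGE_TOKENS) else 0.0


def upr_scores(source: str,
               scorer: Callable[[str], float] = keyword_statement_scorer) -> dict[str, float]:
    """One UPR score per variable (assumption: mean of its statement scores)."""
    return {name: sum(map(scorer, stmts)) / len(stmts)
            for name, stmts in statements_per_variable(source).items()}


def flag_upr_variables(scores: dict[str, float], threshold: float = 0.8) -> list[str]:
    """Variables whose UPR score exceeds the threshold, highest score first."""
    return sorted((n for n, s in scores.items() if s > threshold),
                  key=lambda n: (-scores[n], n))


if __name__ == "__main__":
    scores = upr_scores(SAMPLE_SOURCE)
    for name, score in sorted(scores.items(), key=lambda kv: (-kv[1], kv[0])):
        print(f"{name:10s} {score:.2f}")
    print("candidates for manual review:", flag_upr_variables(scores))
```

Because the scorer only ever sees one statement, the prompt size is bounded regardless of program size, which is the property the abstract relies on; the cost moves to the number of statements, so a real deployment would cache identical statements and batch requests. The flagged list is a work list for the analyst, not a verdict: `user` scores 0.5 here because only one of its two statements touches a privilege, so it falls below the threshold even though it is the source of `role`.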