[Review] Examining Zero-Shot Vulnerability Repair with Large Language Models
Posted Updated Research3 minutes read (About 391 words)

[Review] Examining Zero-Shot Vulnerability Repair with Large Language Models

Link here

The paper tests the performance of LLM for program repair. The same topic as Automated Program Repair in the Era of Large Pre-trained Language Models. Differently, this paper focuses more on the details, whose program repair setting is much more complicated.

Some conclusions were drawn:

  • LLMs can generate fixes to bugs.
  • But for real-world settings, the performance is not enough.

Background:

  • Security bugs are significant.
  • LLMs are popular and has outstanding performance.

Implementation:

RQ1: Can off-the-shelf LLMs generate safe and functional code to fix security vulnerabilities?

RQ2: Does varying the amount of context in the comments of a prompt affect the LLM’s ability to suggest fixes?

RQ3: What are the challenges when using LLMs to fix vulnerabilities in the real world?

RQ4: How reliable are LLMs at generating repairs?

Read more
[Review] Titan : Efficient Multi-target Directed Greybox Fuzzing
Posted Updated Research2 minutes read (About 312 words)

[Review] Titan : Efficient Multi-target Directed Greybox Fuzzing

Link here

The paper presents a multi-target fuzzing method, which fuzzes different targets at the same time.

Titan is proposed to perform this work, enabling the fuzzers to distinguish correlations between various targets in the program. And under these correlations, optimizes the input generation efficiently and simultaneously fuzzing different targets.

repo

Introduction:

In practice, more than 1000 potential targets may need verification, which will be costly. Current direct fuzzing only aims at on target at a time, lowering the verification efficiency, and generating multiple instances for fuzzing multiple targets will also be 3.6x slower compared with sequentially applying only one instance at a time for one target.

Read more
[Review] How IoT Re-using Threatens Your Sensitive Data: Exploring the User-Data Disposal in Used IoT Devices
Posted Updated Research2 minutes read (About 327 words)

[Review] How IoT Re-using Threatens Your Sensitive Data: Exploring the User-Data Disposal in Used IoT Devices

Link here

This paper performs the first in-depth investigation on the user-data disposal of used IoT devices, and finds that:

  1. Most users lack the awareness of disposing used IoT devices.
  2. IoT devices collect more sensitive data than users expect, and current data protections of used IoT devices are inadequate.
  3. The disposal methods of used IoT devices are often ineffective.

Implementation:

RQ1: Which kinds of sensitive data reside in used IoT devices?

RQ2: Which methods can be used to dispose of sensitive data?

RQ3: Are existing disposal methods effective in erasing the sensitive data?

Read more
Follow

Links

Recents

Categories

Archives

Tags

20071
20121
20131
20161
20181
20191
20202
20214
20223
202310
20245
ASE2
ASE 20161
ASE 20241
Binary Search1
CCS4
CCS 20191
CCS 20201
CCS 20211
CCS 20231
CHI1
CHI 20211
Dynamic Programming1
ESEC/FSE1
ESEC/FSE 20231
ESEM1
ESEM 20211
ICSE5
ICSE 20071
ICSE 20121
ICSE 20231
ICSE 20242
IEEE S&P3
IEEE S&P 20232
IEEE S&P 20241
ISSTA2
ISSTA 20221
ISSTA 20231
Jottings2
LeetCode2
NDSS1
NDSS 20241
OSDI1
OSDI 20201
Paper Review30
SOSP2
SOSP 20211
SOSP 20231
TSE3
TSE 20131
TSE 20222
USENIX Security4
USENIX Security 20181
USENIX Security 20233
汇编1
算法2
自学笔记5
计算机系统3

Subscribe for updates

×