The paper discusses the challenge of patching security-critical software that has side-channel leakages, a task held back by limited resources and expertise. It notes the increasing reliance on Large Language Models (LLMs) for code generation and proposes using LLMs to generate patches for vulnerable code with microarchitectural side-channel leakages. The study explores the generative abilities of LLMs through carefully crafted prompts and analyzes the generated code for information leakage using leakage detection tools. The prompts are designed to produce candidate replacements for the vulnerable code, and each candidate is then evaluated for correctness and for resilience against leakage. The cost/performance analysis shows that the proposed GPT4-based configuration is highly cost-effective, with a minimal cost in API calls per vulnerability fixed. The results demonstrate that LLM-based patching is a scalable and cost-effective solution. The framework is expected to improve over time as vulnerability detection tools and LLMs advance.
ZeroLeak: Leveraging LLMs to Scale and Optimize Side-Channel Patching for Cost Efficiency (arXiv:2308.13062v1 [cs.CR])
by instadatahelp | Aug 28, 2023 | AI Blogs