ZeroLeak: Using LLMs for Scalable and Cost Effective Side-Channel Patching
M. Caner Tol, Berk Sunar

TL;DR
This paper presents ZeroLeak, a framework that leverages large language models to automatically generate patches for microarchitectural side-channel vulnerabilities, offering a scalable and cost-effective solution that improves over time.
Contribution
It introduces a novel approach using LLMs with zero-shot prompts to generate security patches for side-channel leaks, combined with dynamic leakage analysis.
Findings
LLMs can generate effective patches for side-channel vulnerabilities.
The approach is highly cost-effective, costing only a few cents per vulnerability.
The framework improves as detection tools and LLMs evolve.
Abstract
Security-critical software, e.g., OpenSSL, comes with numerous side-channel leakages left unpatched due to a lack of resources or experts. The situation will only worsen as the pace of code development accelerates, with developers relying on Large Language Models (LLMs) to automatically generate code. In this work, we explore the use of LLMs in generating patches for vulnerable code with microarchitectural side-channel leakages. For this, we investigate the generative abilities of powerful LLMs by carefully crafting prompts following a zero-shot learning approach. All generated code is dynamically analyzed by leakage detection tools, which are capable of pinpointing information leakage at the instruction level leaked either from secret-dependent accesses or branches or vulnerable Spectre gadgets, respectively. Carefully crafted prompts are used to generate candidate replacements for…
Taxonomy
Topics: Software Engineering Research · Security and Verification in Computing · Advanced Malware Detection Techniques
