Finding Missing Input Validation in TEEs via LLM-Assisted Symbolic Execution
Chengyan Ma, Jieke Shi, Ruidong Han, Ye Liu, Yuqing Niu, David Lo
TL;DR
SymTEE is an LLM-assisted symbolic execution framework that detects missing input validation in TEE applications efficiently without requiring real TEE setups.
Contribution
The paper introduces SymTEE, a novel framework combining LLMs and symbolic execution to automatically identify input validation issues in TEEs, reducing setup complexity.
Findings
Achieves 100% precision in vulnerability detection.
Recalls 92.3% of real-world vulnerabilities.
Operates at an average cost of $0.05 per analysis.
Abstract
Trusted Execution Environments (TEEs) provide hardware-enforced isolation that protects sensitive code and data from untrusted software. Despite their strong security guarantees, analyzing TEE applications remains challenging due to the high cost and complexity of configuring complete TEE build and runtime environments, as well as the limited observability imposed by hardware isolation. This paper presents SymTEE, a novel large language model (LLM)-assisted symbolic execution framework for detecting missing input validation issues in TEE applications without requiring real TEE setups. SymTEE begins by leveraging Abstract Syntax Tree (AST) analysis to extract TEE code slices that may lack sufficient input validation, and then employs an LLM (GPT-5 in our case) to automatically convert the extracted slices into KLEE-compatible harness programs containing lightweight mock execution…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.