Automated Repair of TEE Partitioning Issues via DSL-Guided and LLM-Assisted Patching

TL;DR

This paper introduces TEERepair, an automated framework that uses a DSL and LLMs to fix partitioning vulnerabilities in TEE applications, improving security and reducing manual effort.

Contribution

The work presents a novel approach combining DSL encoding and LLM reasoning to automatically repair TEE partitioning issues, with high success rates and real-world applicability.

Findings

Achieved 87.6% repair success rate on the PartitioningE-Bench benchmark.

Submitted 5 repair pull requests to real-world TEE projects, with 2 merged.

Demonstrated effectiveness of combining DSL and LLMs for security patching.

Abstract

Trusted Execution Environments (TEEs) provide hardware-based isolation to protect sensitive data and computations from potentially compromised operating systems (OS). However, TEE applications inevitably interact with the untrusted OS through SDK interfaces, and improper partitioning can introduce severe vulnerabilities such as data leakage and code injection. While prior work has proposed static analysis tools to detect such issues, automated repair remains largely unexplored. This problem is particularly challenging due to three TEE-specific factors: the lack of standardized secure development guidelines, the difficulty of extracting semantic information from low-level C code, and the absence of mature testing and validation methods. In this work, we present TEERepair, a framework for automatically repairing bad partitioning issues in TEE applications. Our approach tackles the above challenges by introducing a domain-specific language (DSL) to encode repair rules that express and capture common TEE security patterns, which are instantiated as patch templates with placeholders for context-specific variables. We then leverage large language models (LLMs) to reason about code semantics and synthesize context-aware patches, and further generate test clients to validate the repairs. We evaluate TEERepair on the TEE Partitioning Errors Benchmark (PartitioningE-Bench), achieving a significantly higher repair success rate of 87.6% compared to baselines. Furthermore, applying TEERepair to real-world TEE projects, we submitted 5 repair pull requests, 2 of which have been confirmed and merged by project maintainers.