Skip to main content
Nubint
QUICK REVIEW

[论文解读] Compartmentalization-Aware Automated Program Repair

Jia Hu, Youcheng Sun|arXiv (Cornell University)|Mar 10, 2026
Security and Verification in Computing被引用 0
一句话总结

本文设计并评估一个考虑分区的自动程序修复框架,该框架使用 CIV 漏洞模糊测试器、由大语言模型驱动的补丁生成,以及一个反馈循环来自动修补跨分区接口并修复 CIVs。

ABSTRACT

Software compartmentalization breaks down an application into compartments isolated from each other: an attacker taking over a compartment will be confined to it, limiting the damage they can cause to the rest of the application. Despite the security promises of this approach, recent studies have shown that most existing compartmentalized software is plagued by vulnerabilities at cross-compartment interfaces, allowing an attacker taking over a compartment to escape its confinement and negate the security guarantees expected from compartmentalization. In that context, securing cross-compartment interfaces is notoriously difficult and engineering-intensive. In light of recent advances in Automated Program Repair (APR), notably through the use of Large Language Models (LLMs), this paper presents a work in progress investigating the suitability of LLM-based APR at securing cross-compartment interfaces as automatically as possible. We observe that existing APR approaches and general purpose/code-centric LLMs used as is are unfit for this task, and present the design, implementation, and early results of a new APR framework dedicated to compartment interface safety. The framework integrates into a feedback loop 1) a specialized fuzzer uncovering cross-compartment interface vulnerabilities; 2) a patch generation component bridging the lack of compartmentalization awareness of existing LLMs with a series of analysis techniques; and 3) a patch validation component assessing the effectiveness of generated vulnerability fixes. We validate our framework over a sample interface vulnerability, comparing it to a naive use of general-purpose LLMs, and discuss future research avenues.

研究动机与目标

  • 需要动机:确保存储分区收益的跨分区接口安全。
  • 设计一个迭代的 APR 框架,针对分区接口漏洞(CIVs)并具有明确的信任模型。
  • 利用 CIV 漏洞模糊测试器来发现漏洞,并将结果输入到由大语言模型驱动的补丁生成器。
  • 按数据类型对 CIVs 进行分类,以指导补丁生成并确定补丁性限制。
  • 在一个天真的大语言模型基线下评估该方法,并讨论未来的研究方向。

提出的方法

  • 结合 CIV 漏洞模糊测试器(ConfFuzz)以在给定分区策略下的接口处发现 CIVs。
  • 使用由考虑分区的提示词引导的、包含漏洞与应用上下文的 LLM 驱动的补丁生成组件。
  • 分析 CIV 和崩溃栈以通知补丁位置和数据流感知的补丁决策。
  • 按数据类型(指针、标量、结构化有效载荷、不透明句柄)对 CIV 进行分类,以确定补丁粒度和预防性检查。
  • 通过重复模糊测试和清理程序报告在反馈循环中验证生成的补丁,并根据补丁效果更新提示。
Figure 1. Trust models enforced by software compartmentalization, with the direction of attacks exploiting CIVs by corrupting the control or data flowing between untrusted and trusted compartments.
Figure 1. Trust models enforced by software compartmentalization, with the direction of attacks exploiting CIVs by corrupting the control or data flowing between untrusted and trusted compartments.

实验结果

研究问题

  • RQ1大语言模型驱动的 APR 是否能够通过自动解决 CIV 来有效保护跨分区接口?
  • RQ2与通用大语言模型相比,分区感知如何影响补丁生成与放置?
  • RQ3哪些类型的 CIV 更适合自动修复,哪些需要人工干预?
  • RQ4基于模糊测试器引导的、以反馈为驱动的修复循环是否在修补同一 CIV 时比 naive 的 LLM 修复基线更优?

主要发现

  • 早期结果显示补丁生成器通常输出仅部分解决 CIV 的补丁,需要迭代改进。
  • 该框架集成了一个基于模糊测试的验证循环,用于复现实例并测试 CIV 修复,在修复不完整时对提示进行改进。
  • 与天真的 GPT 风格修复基线相比,该框架在沙箱场景中修复同一 CIV 的效率有所提升。
  • CIV 与崩溃栈分析为补丁粒度和补丁点提供指导,帮助将修复定位到接口的相关部分。
  • 该研究概述了未来在现有不考虑分区的 APR 框架上使用 CIV 数据库进行评估的计划。
  • 该方法旨在量化哪些 CIV 类型和接口场景适合自动化,以及在哪些方面仍需人工指导。
Figure 2. Overview of our compartmentalization-aware APR framework. It takes as inputs (green boxes) an application’s source code, a description of its desired compartmentalization policy and of a particular cross-compartment interface to secure. A CIV Fuzzer uncovers CIVs on that interface, and the
Figure 2. Overview of our compartmentalization-aware APR framework. It takes as inputs (green boxes) an application’s source code, a description of its desired compartmentalization policy and of a particular cross-compartment interface to secure. A CIV Fuzzer uncovers CIVs on that interface, and the

更好的研究,从现在开始

从论文设计到论文写作,大幅缩短您的研究时间。

无需绑定信用卡

本解读由 AI 生成,并经人工编辑审核。