Building Static Tool For PDG Generation: Build code statement level program dependence graph (PDG) statically for a target program, so that each node in the graph corresponds to a code statement.
Perform Program Slicing: Use program slicing techniques to produce variable PDGs for all variables in the program.
Prompt Engineering GPT-4: Design the prompt for GPT-4 to rate the code statements in terms of the degree of their relation to user privilege operations
Produce UPR Score For Variables: Design an algorithm to aggregate the code statements in the variable PDGs to produce a UPR score for each variable. The variables with high UPR scores are UPR variables.
Evaluate Performance: Evaluate the performance of the tool chain, including manual evaluation of found UPR variables, comparison to existing methods, etc. Based on our evaluation, the false positive rate is less than 15%, comparing to ~50% using heuristic based method.
Ongoing Project