A hybrid LLM workflow can help identify user privilege related variables in programs of any size

arXiv:2403.15723v1 Announce Type: new
Abstract: Many programs involves operations and logic manipulating user privileges, which is essential for the security of an organization. Therefore, one common malicious goal of attackers is to obtain or escalate the privileges, causing privilege leakage. To protect the program and the organization against privilege leakage attacks, it is important to eliminate the vulnerabilities which can be exploited to achieve such attacks. Unfortunately, while memory vulnerabilities are less challenging to find, logic vulnerabilities are much more …

arxiv attackers can cs.cr cs.se goal hybrid identify llm logic malicious operations organization privilege privileges program protect security size workflow