This program is tentative and subject to change.
Tue 18 Nov 2025 15:10 - 15:20 at Grand Hall 5 - Security 2
This article proposes LATTE, the first static binary taint analysis that is powered by a large language model (LLM). LATTE is superior to the state of the art (e.g., Emtaint, Arbiter, Karonte) in three aspects. First, LATTE is fully automated while prior static binary taint analyzers need rely on human expertise to manually customize taint propagation rules and vulnerability inspection rules. Second, LATTE is significantly effective in vulnerability detection, demonstrated by our comprehensive evaluations. For example, LATTE has found 37 new bugs in real-world firmware, which the baselines failed to find. Moreover, 10 of them have been assigned CVE numbers. Lastly, LATTE incurs remarkably low engineering cost, making it a cost-efficient and scalable solution for security researchers and practitioners. We strongly believe that LATTE opens up a new direction to harness the recent advance in LLMs to improve vulnerability analysis for binary programs.
This program is tentative and subject to change.
Tue 18 NovDisplayed time zone: Seoul change
Tue 18 Nov
Displayed time zone: Seoul change
14:00 - 15:30 | |||
14:00 10mTalk | Towards Generalizable Instruction Vulnerability Prediction via LLM-Enhanced Code Representation Research Papers Bao Wen Nanjing University of Aeronautics and Astronautics, Jingjing Gu Nanjing University of Aeronautics and Astronautics, Jingxuan Zhang Nanjing University of Aeronautics and Astronautics, Yang Liu Nanyang Technological University, Pengfei Yu Nanjing University of Aeronautics and Astronautics, Yanchao Zhao Nanjing University of Aeronautics and Astronautics | ||
14:10 10mTalk | Interpretable Vulnerability Detection Reports Research Papers Claudia Mamede Carnegie Mellon University, Jose Campos FEUP & LASIGE, Claire Le Goues Carnegie Mellon University, Rui Abreu Faculty of Engineering of the University of Porto, Portugal | ||
14:20 10mTalk | Security Debt in LLM Agent Applications: A Measurement Study of Vulnerabilities and Mitigation Trade-offs Research Papers Zhuoxiang Shen Fudan University, Jiarun Dai Fudan University, Yuan Zhang Fudan University, Min Yang Fudan University | ||
14:30 10mTalk | Altered Histories in Version Control System Repositories: Evidence from the Trenches Research Papers Solal Rapaport Télécom Paris, Institut Polytechnique de Paris, Laurent Pautet Télécom Paris, Institut Polytechnique de Paris, Samuel Tardieu Télécom Paris, Institut Polytechnique de Paris, Stefano Zacchiroli LTCI, Télécom Paris, Institut Polytechnique de Paris, Palaiseau, France Pre-print | ||
14:40 10mTalk | Lares: LLM-driven Code Slice Semantic Search for Patch Presence Testing Research Papers Siyuan Li University of Chinese Academy of Sciences & Institute of Information Engineering Chinese Academy of Sciences, China, Yaowen Zheng Institute of Information Engineering at Chinese Academy of Sciences, Hong Li Institute of Information Engineering at Chinese Academy of Sciences, Jingdong Guo Institute of Information Engineering, CAS, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China;, Chaopeng Dong Institute of Information Engineering, CAS, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China;, Chunpeng Yan Institute of Information Engineering Chinese Academy of Sciences & University of Chinese Academy of Sciences, China, Weijie Wang Institute of Information Engineering Chinese Academy of Sciences & University of Chinese Academy of Sciences, China, Yimo Ren Institute of Information Engineering Chinese Academy of Sciences & University of Chinese Academy of Sciences, China, Limin Sun Institute of Information Engineering at Chinese Academy of Sciences; University of Chinese Academy of Sciences, Hongsong Zhu Institute of Information Engineering at Chinese Academy of Sciences; University of Chinese Academy of Sciences | ||
14:50 10mTalk | PoliCond: Condition-Aware Ontology-Driven LLMs for Privacy Policy Analysis Research Papers Yalin Feng Nanjing University, Yifei Lu State Key Laboratory for Novel Software Technology, Nanjing University, China, Minxue Pan Nanjing University | ||
15:00 10mTalk | Understanding Resource Injection Vulnerabilities in Kubernetes Ecosystems Research Papers Defang Bo Institute of Information Engineering, Chinese Academy of Sciences and School of Cyber Security, University of Chinese Academy of Sciences, Jie Lu Institute of Computing Technology of the Chinese Academy of Sciences, Feng Li Key Laboratory of Network Assessment Technology, Institute of Information Engineering, Chinese Academy of Sciences, China; School of CyberSpace Security at University of Chinese Academy of Sciences, China, Jingting Chen Institute of Information Engineering, Chinese Academy of Sciences and School of Cyber Security, University of Chinese Academy of Sciences, Jinchen Wang Institute of Information Engineering, Chinese Academy of Sciences and School of Cyber Security, University of Chinese Academy of Sciences, Chendong Yu Institute of Information Engineering at Chinese Academy of Sciences; University of Chinese Academy of Sciences, Yeting Li Institute of Information Engineering at Chinese Academy of Sciences; University of Chinese Academy of Sciences, Wei Huo Institute of Information Engineering at Chinese Academy of Sciences | ||
15:10 10mTalk | LLM-Powered Static Binary Taint Analysis Journal-First Track Puzhuo Liu Ant Group & Tsinghua University, Chengnian Sun University of Waterloo, Yaowen Zheng Institute of Information Engineering at Chinese Academy of Sciences, Xuan Feng Independent Researcher, Chuan Qin Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, University of Chinese Academy of Sciences, Yuncheng Wang Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, UCAS Beijing, China, Zhenyang Xu University of Waterloo, Zhi Li Institute of Information Engineering, Chinese Academy of Sciences, China, Peng Di Ant Group & UNSW Sydney, Yu Jiang Tsinghua university, Limin Sun Institute of Information Engineering at Chinese Academy of Sciences; University of Chinese Academy of Sciences | ||
15:20 10mTalk | Stealthy Backdoor Attack for Code Models Journal-First Track Zhou Yang University of Alberta, Alberta Machine Intelligence Institute , Bowen Xu North Carolina State University, Jie M. Zhang King's College London, Hong Jin Kang University of Sydney, Jieke Shi Singapore Management University, Junda He Singapore Management University, David Lo Singapore Management University | ||