TaintP2X: Detecting Taint-Style Prompt-to-Anything Injection Vulnerabilities in LLM-Integrated Applications
This program is tentative and subject to change.
Large Language Models (LLMs) have revolutionized numerous domains, enabling the development of LLM-integrated applications that autonomously plan and act through tool calling. While these applications demonstrate remarkable capabilities, their ability to invoke sensitive operations, such as file system interactions, code execution, and database queries, introduces critical security risks. In particular, prompt injection vulnerabilities, combined with security-sensitive sink functions, can lead to a broad class of attacks we define as \textit{Prompt-to-Anything Injection (P2Xi)}. These vulnerabilities, stemming from the misuse of LLM-generated outputs without proper validation, can result in severe consequences such as Remote Command Execution (RCE), file injection, SQL injection, and Server-Side Request Forgery (SSRF). To address this emerging threat, we propose TaintP2X, a novel static taint analysis framework that models LLM-generated outputs as taint sources, tracks their propagation through sensitive sink functions, and employs LLM-assisted analysis to prune false positives. TaintP2X achieves high precision and scalability, systematically identifying P2Xi vulnerabilities. In evaluations, TaintP2X demonstrated a 77.1% recall on a ground truth dataset of 35 vulnerabilities, outperforming state-of-the-art methods, and uncovered 101 taint paths across 75 GitHub repositories, with several vulnerabilities confirmed by developers. These findings highlight the prevalence and impact of P2Xi vulnerabilities and establish TaintP2X as a practical solution for securing LLM-integrated ecosystems.
This program is tentative and subject to change.
Thu 16 AprDisplayed time zone: Brasilia, Distrito Federal, Brazil change
16:00 - 17:30 | Dependability and Security 7Research Track at Oceania X Chair(s): Kaixuan Li Nanyang Technological University | ||
16:00 15mTalk | WhisperCatcher: Demystifying Unauthorized and Encrypted Private Data Transmission in Android ApplicationsAward Winner Research Track Zhaoyu Qiu Xi'an Jiaotong University, Ming Fan Xi'an Jiaotong University, Bocan Ma Xi'an Jiaotong University, Yutian Tang University of Glasgow, United Kingdom, Lei Xue Sun Yat-Sen University, Haijun Wang Xi'an Jiaotong University, Ting Liu Xi'an Jiaotong University | ||
16:15 15mTalk | Exploring and Improving Real-World Vulnerability Data Generation via Prompting Large Language Models Research Track Guangbei Yi Washington State University, Yu Nong University at Buffalo, SUNY, Minzhang Li Washington State University, Haipeng Cai University at Buffalo, SUNY DOI Pre-print | ||
16:30 15mTalk | TaintP2X: Detecting Taint-Style Prompt-to-Anything Injection Vulnerabilities in LLM-Integrated Applications Research Track HeJunjie , Shenao Wang Huazhong University of Science and Technology, Yanjie Zhao Huazhong University of Science and Technology, Xinyi Hou Huazhong University of Science and Technology, Zhao Liu 360 AI Security Lab, Quanchen Zou 360 AI Security Lab, Haoyu Wang Huazhong University of Science and Technology | ||
16:45 15mTalk | CoBrA: Context-, Branch-sensitive Static Analysis for Detecting Taint-style Vulnerabilities in PHP Web Applications Research Track Yichao Xu , Mingqing Kang Johns Hopkins University, Neil Thimmaiah University of Illinois Chicago, Rigel Gjomemo University of Illinois Chicago, V. N. Venkatakrishnan University of Illinois Chicago, Yinzhi Cao Johns Hopkins University | ||
17:00 15mTalk | Project-Level Resource Leak Detection through Agent-based Ownership Analysis and Repair Pattern Verification Research Track Chengxin Xu Institute of Information Engineering, Chinese Academy of Sciences, xiu zhang Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China, Xiaorui Gong Institute of Information Engineering, Chinese Academy of Science | ||
17:15 15mTalk | Understanding DevOps Security of Google Workspace Apps Research Track Liuhuo Wan University of Queensland, Chuan Yan University of Queensland, Zicong Liu University of Queensland, Haoyu Wang Huazhong University of Science and Technology, Guangdong Bai City University of Hong Kong | ||