Collaboration to Repository-Level Vulnerability Detection
Large Language Model (LLM)-based methods have proven effective in many software engineering domains, with the potential to substantially improve productivity in software vulnerability detection. However, because the input context length of LLMs is limited, existing LLM-based methods mainly focus on function-level detection and on leveraging in-file context information (i.e., intra-procedural vulnerabilities), ignoring the more complex inter-procedural vulnerability detection scenarios that arise in practice.
For instance, developers routinely use program analysis to detect vulnerabilities that span information across multiple files within a repository.
Because such complex processes tend to carry redundant dependencies, spanning multiple files at the repository level and invoking multiple static analysis tools, the ideal goal of vulnerability detection is to extract the vulnerability-related information from the repository and provide possible explanations for how vulnerabilities are triggered. However, this goal is hard to achieve, so in this work we design three works based on multi-agent collaboration to approach the goal of repository-level vulnerability detection.
Tue 17 Sep. Displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna
13:30 - 15:00
13:30 | 15m Talk | Shaping Test Inputs in Grammar-Based Fuzzing | Doctoral Symposium | S: José Antonio Zamudio Amaya CISPA Helmholtz Center for Information Security, P: Elisa Gonzalez Boix Vrije Universiteit Brussel, P: Marcelo d'Amorim North Carolina State University, P: Mira Mezini TU Darmstadt; hessian.AI; National Research Center for Applied Cybersecurity ATHENE
13:45 | 10m Talk | Graph Learning for Extract Class Refactoring | Doctoral Symposium | S: Luqiao Wang Xidian University, P: Elisa Gonzalez Boix Vrije Universiteit Brussel, P: Marcelo d'Amorim North Carolina State University, P: Mira Mezini TU Darmstadt; hessian.AI; National Research Center for Applied Cybersecurity ATHENE
13:55 | 10m Talk | With Biabduction towards Memory Safety across the Rust-C-FFI | Doctoral Symposium | S: Florian Sextl TU Wien, Austria, P: Elisa Gonzalez Boix Vrije Universiteit Brussel, P: Marcelo d'Amorim North Carolina State University, P: Mira Mezini TU Darmstadt; hessian.AI; National Research Center for Applied Cybersecurity ATHENE
14:05 | 10m Talk | Decentralized Near-Synchronous Local-First Programming Collaboration | Doctoral Symposium | S: Leon Freudenthaler FH Campus Wien, P: Elisa Gonzalez Boix Vrije Universiteit Brussel, P: Marcelo d'Amorim North Carolina State University, P: Mira Mezini TU Darmstadt; hessian.AI; National Research Center for Applied Cybersecurity ATHENE
14:15 | 10m Talk | Quality Assurance For Non-Trivial Systems: Use Case GCC Plugins | Doctoral Symposium | S: Nimantha Kariyakarawana DistriNet-KU Leuven, P: Elisa Gonzalez Boix Vrije Universiteit Brussel, P: Marcelo d'Amorim North Carolina State University, P: Mira Mezini TU Darmstadt; hessian.AI; National Research Center for Applied Cybersecurity ATHENE
14:25 | 10m Talk | Collaboration to Repository-Level Vulnerability Detection | Doctoral Symposium | S: Xin-Cheng Wen Harbin Institute of Technology, P: Elisa Gonzalez Boix Vrije Universiteit Brussel, P: Marcelo d'Amorim North Carolina State University, P: Mira Mezini TU Darmstadt; hessian.AI; National Research Center for Applied Cybersecurity ATHENE
14:35 | 15m Talk | Learning the Effects of Software Changes | Doctoral Symposium | S: Laura Plein CISPA Helmholtz Center for Information Security, P: Elisa Gonzalez Boix Vrije Universiteit Brussel, P: Marcelo d'Amorim North Carolina State University, P: Mira Mezini TU Darmstadt; hessian.AI; National Research Center for Applied Cybersecurity ATHENE