One Article Review

Home - The article:
Source ProjectZero
Identifier 8604691
Publication date 2024-11-01 08:33:00 (viewed: 2024-11-01 16:06:32)
Title From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code
Text

Posted by the Big Sleep team

Introduction

In our previous post, Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models, we introduced our framework for large-language-model-assisted vulnerability research and demonstrated its potential by improving the state-of-the-art performance on Meta's CyberSecEval2 benchmarks. Since then, Naptime has evolved into Big Sleep, a collaboration between Google Project Zero and Google DeepMind.

Today, we're excited to share the first real-world vulnerability discovered by the Big Sleep agent: an exploitable stack buffer underflow in SQLite, a widely used open source database engine. We discovered the vulnerability and reported it to the developers in early October, who fixed it on the same day. Fortunately, we found this issue before it appeared in an official release, so SQLite users were not impacted.

We believe this is the first public example of an AI agent finding a previously unknown exploitable memory-safety issue in widely used real-world software. Earlier this year at the DARPA AIxCC event, Team Atlanta discovered a null-pointer dereference in SQLite, which inspired us to use it for our testing to see if we could find a more serious vulnerability.

We think that this work has tremendous defensive potential. Finding vulnerabilities in software before it's even released means that there's no scope for attackers to compete: the vulnerabilities are fixed before attackers even have a chance to use them. Fuzzing has helped significantly, but we need an approach that can help defenders to find the bugs that are difficult (or impossible) to find by fuzzing, and we're hopeful that AI can narrow this gap. We think that this is a promising path towards finally turning the tables and achieving an asymmetric advantage for defenders.

The vulnerability itself is quite interesting, along with the fact that the existing testing infrastructure for SQLite (both through OSS-Fuzz, and the project's own infrastructure) did not find the issue, so we did some further investigation.

Methodology

A key motivating factor for Naptime and now for Big Sleep has been the
Notes ★★★
Sent Yes
Tags Tool Vulnerability Prediction


The article does not appear to have been picked up after its publication.


The article does not appear to be a repost of an earlier one.