POSTER: Seccomp profiling with Dynamic Analysis via ChatGPT-assisted Test Code Generation

POSTER: Seccomp profiling with Dynamic Analysis via ChatGPT-assisted Test Code Generation

연구 분야: Analysis

학회: ASIA CCS '24: Proceedings of the 19th ACM Asia Conference on Computer and Communications Security

The effectiveness of Seccomp kernel feature depends on how tightly and accurately the necessary system calls are specified in the seccomp policy. Static code analysis may miss out or over-approximate required system calls. With dynamic analysis, it is difficult to cover all possible execution paths. In this work, we aim to advance the state-of-the-art dynamic analysis approach by enabling it to increase the coverage of the target application's functionalities. Our approach takes as input the application's online documentation and leverages ChatGPT to generate a large number of test codes for functionalities in the documentation. This automated process eliminates the barrier to manually writing a large number of test codes for conducting dynamic analysis. Through our preliminary evaluation, we confirmed that ChatGPT can be used effectively to automatically generate a large number of test codes. Also, we observed early evidence that the seccomp policy generated from running the test codes could be more sound than the ones generated by static analysis.