2 research outputs found
Large Language Models for Code Analysis: Do LLMs Really Do Their Job?
Large language models (LLMs) have demonstrated significant potential in the
realm of natural language understanding and programming code processing tasks.
Their capacity to comprehend and generate human-like code has spurred research
into harnessing LLMs for code analysis purposes. However, the existing body of
literature falls short in delivering a systematic evaluation and assessment of
LLMs' effectiveness in code analysis, particularly in the context of obfuscated
code.
This paper seeks to bridge this gap by offering a comprehensive evaluation of
LLMs' capabilities in performing code analysis tasks. Additionally, it presents
real-world case studies that employ LLMs for the analysis of malicious code.
Our findings indicate that LLMs can indeed serve as valuable tools for
automating code analysis, albeit with certain limitations. Through meticulous
exploration, this research contributes to a deeper understanding of the
potential and constraints associated with utilizing LLMs in code analysis,
paving the way for enhanced applications in this critical domain
Gotcha! I Know What You are Doing on the FPGA Cloud: Fingerprinting Co-Located Cloud FPGA Accelerators via Measuring Communication Links
In recent decades, due to the emerging requirements of computation
acceleration, cloud FPGAs have become popular in public clouds. Major cloud
service providers, e.g. AWS and Microsoft Azure have provided FPGA computing
resources in their infrastructure and have enabled users to design and deploy
their own accelerators on these FPGAs. Multi-tenancy FPGAs, where multiple
users can share the same FPGA fabric with certain types of isolation to improve
resource efficiency, have already been proved feasible. However, this also
raises security concerns. Various types of side-channel attacks targeting
multi-tenancy FPGAs have been proposed and validated. The awareness of security
vulnerabilities in the cloud has motivated cloud providers to take action to
enhance the security of their cloud environments.
In FPGA security research papers, researchers always perform attacks under
the assumption that attackers successfully co-locate with victims and are aware
of the existence of victims on the same FPGA board. However, the way to reach
this point, i.e., how attackers secretly obtain information regarding
accelerators on the same fabric, is constantly ignored despite the fact that it
is non-trivial and important for attackers. In this paper, we present a novel
fingerprinting attack to gain the types of co-located FPGA accelerators. We
utilize a seemingly non-malicious benchmark accelerator to sniff the
communication link and collect performance traces of the FPGA-host
communication link. By analyzing these traces, we are able to achieve high
classification accuracy for fingerprinting co-located accelerators, which
proves that attackers can use our method to perform cloud FPGA accelerator
fingerprinting with a high success rate. As far as we know, this is the first
paper targeting multi-tenant FPGA accelerator fingerprinting with the
communication side-channel.Comment: To be published in ACM CCS 202