{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,3]],"date-time":"2026-03-03T10:07:33Z","timestamp":1772532453093,"version":"3.50.1"},"publisher-location":"Cham","reference-count":49,"publisher":"Springer Nature Switzerland","isbn-type":[{"value":"9783031708787","type":"print"},{"value":"9783031708794","type":"electronic"}],"license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024]]},"DOI":"10.1007\/978-3-031-70879-4_15","type":"book-chapter","created":{"date-parts":[[2024,9,4]],"date-time":"2024-09-04T19:02:20Z","timestamp":1725476540000},"page":"290-310","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["ZeroLeak: Automated Side-Channel Patching in\u00a0Source Code Using LLMs"],"prefix":"10.1007","author":[{"given":"M. Caner","family":"Tol","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Berk","family":"Sunar","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2024,9,5]]},"reference":[{"key":"15_CR1","unstructured":"npm-stat: download statistics for npm packages. https:\/\/npm-stat.com\/charts.html?package=aes-js&from=2013-08-03 &to=2023-08-03, Accessed 8 Mar 2023"},{"key":"15_CR2","unstructured":"Ahmad, B., Thakur, S., Tan, B., Karri, R., Pearce, H.: Fixing hardware security bugs with large language models. arXiv preprint arXiv:2302.01215 (2023)"},{"key":"15_CR3","unstructured":"Anil, R., et\u00a0al.: Palm 2 technical report (2023)"},{"issue":"6","key":"15_CR4","doi-asserted-by":"publisher","first-page":"362","DOI":"10.1145\/3140587.3062378","volume":"52","author":"T Antonopoulos","year":"2017","unstructured":"Antonopoulos, T., Gazzillo, P., Hicks, M., Koskinen, E., Terauchi, T., Wei, S.: Decomposition instead of self-composition for proving the absence of timing channels. ACM SIGPLAN Not. 52(6), 362\u2013375 (2017)","journal-title":"ACM SIGPLAN Not."},{"key":"15_CR5","unstructured":"Bazaar, D.: Forge (2023). https:\/\/github.com\/digitalbazaar\/forge, Accessed 19 July 2023"},{"key":"15_CR6","doi-asserted-by":"crossref","unstructured":"Borrello, P., D\u2019Elia, D.C., Querzoni, L., Giuffrida, C.: Constantine: Automatic side-channel resistance using efficient control and data flow linearization. In: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, pp. 715\u2013733 (2021)","DOI":"10.1145\/3460120.3484583"},{"key":"15_CR7","doi-asserted-by":"crossref","unstructured":"Bos, J., et al.: Crystals-kyber: a cca-secure module-lattice-based kem. In: 2018 IEEE European Symposium on Security and Privacy (EuroS &P), pp. 353\u2013367. IEEE (2018)","DOI":"10.1109\/EuroSP.2018.00032"},{"key":"15_CR8","doi-asserted-by":"crossref","unstructured":"Canella, C., et al.: Fallout: Leaking data on meltdown-resistant cpus. In: Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS). ACM (2019)","DOI":"10.1145\/3319535.3363219"},{"key":"15_CR9","doi-asserted-by":"crossref","unstructured":"Cauligi, S., et al.: Constant-time foundations for the new spectre era. In: Proceedings of the 41st ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 913\u2013926 (2020)","DOI":"10.1145\/3385412.3385970"},{"key":"15_CR10","doi-asserted-by":"crossref","unstructured":"Cauligi, S., Disselkoen, C., Moghimi, D., Barthe, G., Stefan, D.: Sok: practical foundations for software spectre defenses. In: 2022 IEEE Symposium on Security and Privacy (SP), pp. 666\u2013680. IEEE (2022)","DOI":"10.1109\/SP46214.2022.9833707"},{"key":"15_CR11","unstructured":"Charalambous, Y., Tihanyi, N., Jain, R., Sun, Y., Ferrag, M.A., Cordeiro, L.C.: A new era in software security: Towards self-healing software via large language models and formal verification. arXiv preprint arXiv:2305.14752 (2023)"},{"key":"15_CR12","unstructured":"Committee, O.T.: Spectre and meltdown attacks against openssl, https:\/\/www.openssl.org\/blog\/blog\/2022\/05\/13\/spectre-meltdown, published on OpenSSL Blog: 05\/13\/2022"},{"issue":"1","key":"15_CR13","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/2756550","volume":"18","author":"G Doychev","year":"2015","unstructured":"Doychev, G., K\u00f6pf, B., Mauborgne, L., Reineke, J.: Cacheaudit: a tool for the static analysis of cache side channels. ACM Trans. inform. Syst. Sec. (TISSEC) 18(1), 1\u201332 (2015)","journal-title":"ACM Trans. inform. Syst. Sec. (TISSEC)"},{"key":"15_CR14","unstructured":"Garg, S., Moghaddam, R.Z., Sundaresan, N.: Rapgen: An approach for fixing code inefficiencies in zero-shot. arXiv preprint arXiv:2306.17077 (2023)"},{"key":"15_CR15","unstructured":"Gartner: Emerging tech: Generative ai code assistants are becoming essential to developer experience (2023). https:\/\/www.gartner.com\/en\/documents\/4348899"},{"key":"15_CR16","unstructured":"grsecurity: Teardown of a failed linux lts spectre fix (2019). https:\/\/grsecurity.net\/teardown_of_a_failed_linux_lts_spectre_fix (Accessed 02 Aug 2023)"},{"key":"15_CR17","doi-asserted-by":"crossref","unstructured":"Guarnieri, M., K\u00f6pf, B., Morales, J.F., Reineke, J., S\u00e1nchez, A.: Spectector: Principled detection of speculative information flows. In: 2020 IEEE Symposium on Security and Privacy (SP), pp. 1\u201319. IEEE (2020)","DOI":"10.1109\/SP40000.2020.00011"},{"key":"15_CR18","doi-asserted-by":"crossref","unstructured":"Gupta, R., Pal, S., Kanade, A., Shevade, S.: Deepfix: fixing common c language errors by deep learning. In: Proceedings of the AAAI Conference on Artificial Intelligence, vol.\u00a031 (2017)","DOI":"10.1609\/aaai.v31i1.10742"},{"key":"15_CR19","unstructured":"Indutny, F.: Bn.js: Bignum in pure javascript. https:\/\/github.com\/indutny\/bn.js\/, Accessed 03 Aug 2023"},{"key":"15_CR20","unstructured":"Indutny, F.: Elliptic (2023). https:\/\/github.com\/indutny\/elliptic, Accessed 19 Sep 2023"},{"key":"15_CR21","doi-asserted-by":"crossref","unstructured":"Jancar, J., et al.: They\u2019re not that hard to mitigate\u201d: What cryptographic library developers think about timing attacks. In: 2022 IEEE Symposium on Security and Privacy (SP), pp. 632\u2013649. IEEE (2022)","DOI":"10.1109\/SP46214.2022.9833713"},{"key":"15_CR22","unstructured":"Kocetkov, D., et al.: The stack: 3 tb of permissively licensed source code. Preprint (2022)"},{"key":"15_CR23","unstructured":"Kocher, P.: Spectre mitigations in microsoft\u2019s c\/c++ compiler (2018). https:\/\/www.paulkocher.com\/doc\/MicrosoftCompilerSpectreMitigation.html, Accessed 27 July 2023"},{"key":"15_CR24","doi-asserted-by":"crossref","unstructured":"Kocher, P., et\u00a0al.: Spectre attacks: Exploiting speculative execution. In: 2019 IEEE Symposium on Security and Privacy (SP), pp. 1\u201319. IEEE (2019)","DOI":"10.1109\/SP.2019.00002"},{"key":"15_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"104","DOI":"10.1007\/3-540-68697-5_9","volume-title":"Advances in Cryptology \u2014 CRYPTO \u201996","author":"PC Kocher","year":"1996","unstructured":"Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104\u2013113. Springer, Heidelberg (1996). https:\/\/doi.org\/10.1007\/3-540-68697-5_9"},{"key":"15_CR26","unstructured":"Langley, A.: ctgrind: Checking that functions are constant time with valgrind (2013). https:\/\/github.com\/agl\/ctgrind"},{"key":"15_CR27","unstructured":"Lipp, M., et al.: Meltdown: reading kernel memory from user space. In: 27th USENIX Security Symposium (USENIX Security 2018) (2018)"},{"key":"15_CR28","unstructured":"Little, J.: base64-js (2023). https:\/\/github.com\/beatgammit\/base64-js, Accessed 19 Sep 2023"},{"key":"15_CR29","unstructured":"Moore, R.: aes-js (2023). https:\/\/github.com\/ricmoo\/aes-js, Accessed 19 Sep 2023"},{"key":"15_CR30","doi-asserted-by":"publisher","unstructured":"Mosier, N., Lachnitt, H., Nemati, H., Trippel, C.: Axiomatic hardware-software contracts for security. In: Proceedings of the 49th Annual International Symposium on Computer Architecture, ISCA 2022, pp. 72-86. Association for Computing Machinery, New York (2022). https:\/\/doi.org\/10.1145\/3470496.3527412","DOI":"10.1145\/3470496.3527412"},{"key":"15_CR31","unstructured":"OpenAI: Gpt-4 technical report (2023)"},{"key":"15_CR32","doi-asserted-by":"crossref","unstructured":"Pearce, H., Tan, B., Ahmad, B., Karri, R., Dolan-Gavitt, B.: Examining zero-shot vulnerability repair with large language models. In: 2023 IEEE Symposium on Security and Privacy (SP). IEEE (2023)","DOI":"10.1109\/SP46215.2023.10179324"},{"key":"15_CR33","doi-asserted-by":"crossref","unstructured":"Rodrigues, B., Quint\u00e3o\u00a0Pereira, F.M., Aranha, D.F.: Sparse representation of implicit flows with applications to side-channel detection. In: Proceedings of the 25th International Conference on Compiler Construction, pp. 110\u2013120 (2016)","DOI":"10.1145\/2892208.2892230"},{"key":"15_CR34","doi-asserted-by":"crossref","unstructured":"l van Schaik, S., et al.: RIDL: Rogue in-flight data load. In: S &P (May 2019)","DOI":"10.1109\/SP.2019.00087"},{"key":"15_CR35","doi-asserted-by":"crossref","unstructured":"Schwarz, M., et al.: ZombieLoad: cross-privilege-boundary data sampling. In: CCS (2019)","DOI":"10.1145\/3319535.3354252"},{"key":"15_CR36","doi-asserted-by":"crossref","unstructured":"Tarlow, D., et al.: Learning to fix build errors with graph2diff neural networks. In: Proceedings of the IEEE\/ACM 42nd International Conference on Software Engineering Workshops, pp. 19\u201320 (2020)","DOI":"10.1145\/3387940.3392181"},{"key":"15_CR37","unstructured":"Touvron, H., et\u00a0al.: Llama 2: Open foundation and fine-tuned chat models (2023)"},{"key":"15_CR38","unstructured":"Tutoveanu, A.: Crystals-kyber javascript (2023). https:\/\/github.com\/antontutoveanu\/crystals-kyber-javascript, Accessed 17 Oct 2023"},{"key":"15_CR39","doi-asserted-by":"publisher","unstructured":"Wang, G., Chattopadhyay, S., Biswas, A.K., Mitra, T., Roychoudhury, A.: Kleespectre: detecting information leakage through speculative cache attacks via symbolic execution. ACM Trans. Softw. Eng. Methodol. 29(3) (2020). https:\/\/doi.org\/10.1145\/3385897","DOI":"10.1145\/3385897"},{"key":"15_CR40","unstructured":"Wang, S., Wang, P., Liu, X., Zhang, D., Wu, D.: $$\\{$$CacheD$$\\}$$: Identifying $$\\{$$Cache-Based$$\\}$$ timing channels in production software. In: 26th USENIX security symposium (USENIX security 17), pp. 235\u2013252 (2017)"},{"key":"15_CR41","unstructured":"Weiser, S., Zankl, A., Spreitzer, R., Miller, K., Mangard, S., Sigl, G.: $$\\{$$DATA$$\\}$$\u2013differential address trace analysis: Finding address-based $$\\{$$Side-Channels$$\\}$$ in binaries. In: 27th USENIX Security Symposium (USENIX Security 2018) (2018)"},{"key":"15_CR42","doi-asserted-by":"crossref","unstructured":"Wichelmann, J., Moghimi, A., Eisenbarth, T., Sunar, B.: Microwalk: a framework for finding side channels in binaries. In: Proceedings of the 34th Annual Computer Security Applications Conference. Association for Computing Machinery (2018)","DOI":"10.1145\/3274694.3274741"},{"key":"15_CR43","doi-asserted-by":"crossref","unstructured":"Wichelmann, J., Sieck, F., P\u00e4tschke, A., Eisenbarth, T.: Microwalk-ci: practical side-channel analysis for javascript applications. In: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security (2022)","DOI":"10.1145\/3548606.3560654"},{"key":"15_CR44","doi-asserted-by":"crossref","unstructured":"Wu, M., Guo, S., Schaumont, P., Wang, C.: Eliminating timing side-channel leaks using program repair. In: Proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and Analysis, pp. 15\u201326 (2018)","DOI":"10.1145\/3213846.3213851"},{"key":"15_CR45","unstructured":"Wu, T.: jsbn library. http:\/\/www-cs-students.stanford.edu\/~tjw\/jsbn\/, Accessed 03 Aug 2023"},{"key":"15_CR46","doi-asserted-by":"crossref","unstructured":"Wu, T., Terry, M., Cai, C.J.: Ai chains: transparent and controllable human-ai interaction by chaining large language model prompts. In: Proceedings of the 2022 CHI Conference on Human Factors in Computing Systems (2022)","DOI":"10.1145\/3491102.3517582"},{"key":"15_CR47","doi-asserted-by":"crossref","unstructured":"Wu, Y., et al.: How effective are neural networks for fixing security vulnerabilities. arXiv preprint arXiv:2305.18607 (2023)","DOI":"10.1145\/3597926.3598135"},{"key":"15_CR48","unstructured":"Yasunaga, M., Liang, P.: Break-it-fix-it: unsupervised learning for program repair. In: International Conference on Machine Learning, pp. 11941\u201311952. PMLR (2021)"},{"key":"15_CR49","unstructured":"Zhang, Z., Barthe, G., Chuengsatiansup, C., Schwabe, P., Yarom, Y.: Ultimate slh: Taking speculative load hardening to the next level. Cryptology ePrint Archive (2022)"}],"container-title":["Lecture Notes in Computer Science","Computer Security \u2013 ESORICS 2024"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-70879-4_15","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,9,4]],"date-time":"2024-09-04T19:05:36Z","timestamp":1725476736000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-70879-4_15"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"ISBN":["9783031708787","9783031708794"],"references-count":49,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-70879-4_15","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024]]},"assertion":[{"value":"5 September 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ESORICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Symposium on Research in Computer Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Bydgoszcz","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Poland","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16 September 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20 September 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"29","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"esorics2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/esorics2024.org","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}