This paper proposes LATTE, the first static binary taint analysis that is powered by a large language model (LLM). LATTE is superior to the state of the art (e.g., Emtaint, Arbiter, Karonte) in three aspects. First, LATTE is fully automated, while prior static binary taint analyzers need to rely on human expertise to manually customize taint propagation rules and vulnerability inspection rules. Second, LATTE is significantly effective in vulnerability detection, as demonstrated by our comprehensive evaluations. For example, LATTE has found 37 new bugs in real-world firmware which the baselines failed to find, and 7 of them have been assigned CVE numbers. Lastly, LATTE incurs remarkably low engineering cost, making it a cost-efficient and scalable solution for security researchers and practitioners. We strongly believe that LATTE opens up a new direction to harness the recent advances in LLMs to improve vulnerability analysis for binary programs.