Trusted Execution Environments (TEEs) isolate a special space within a device's memory that is not accessible to the normal world (also known as Untrusted Environment), even when the device is compromised. Thus, developers can utilize TEEs to provide strong security guarantees for their programs, making sensitive operations like encrypted data storage, fingerprint verification, and remote attestation protected from malicious attacks. Despite the strong protections offered by TEEs, adapting existing programs to leverage such security guarantees is non-trivial, often requiring extensive domain knowledge and manual intervention, which makes TEEs less accessible to developers. This motivates us to design AutoTEE, the first Large Language Model (LLM)-enabled approach that can automatically identify, partition, transform, and port sensitive functions into TEEs with minimal developer intervention. By manually reviewing 68 repositories, we constructed a benchmark dataset consisting of 385 sensitive functions eligible for transformation, on which AutoTEE achieves a high F1 score of 0.91. AutoTEE effectively transforms these sensitive functions into their TEE-compatible counterparts, achieving success rates of 90\% and 83\% for Java and Python, respectively. We further provide a mechanism to automatically port the transformed code to different TEE platforms, including Intel SGX and AMD SEV, demonstrating that the transformed programs run successfully and correctly on these platforms.

翻译：可信执行环境（TEE）在设备内存中隔离出一个特殊空间，该空间对正常世界（亦称为不可信环境）不可访问，即使设备已遭入侵。因此，开发者可利用TEE为其程序提供强大的安全保障，使加密数据存储、指纹验证与远程认证等敏感操作免受恶意攻击。尽管TEE提供了强大的保护机制，但将现有程序适配以利用此类安全保障并非易事，通常需要深厚的领域知识与大量人工干预，这导致开发者难以便捷地使用TEE。为此，我们设计了AutoTEE——首个基于大语言模型（LLM）的方法，能够在最小化开发者干预的前提下，自动识别、划分、转换敏感函数并将其移植至TEE中。通过人工审查68个代码仓库，我们构建了包含385个可转换敏感函数的基准数据集，AutoTEE在该数据集上取得了0.91的高F1分数。AutoTEE能有效将这些敏感函数转换为TEE兼容的版本，在Java与Python语言中分别达到90%与83%的成功率。我们进一步提供了将转换后代码自动移植至不同TEE平台（包括Intel SGX与AMD SEV）的机制，实验表明转换后的程序均能在这些平台上成功且正确地运行。