This paper proposes LATTE, the first static binary taint analysis that is powered by a large language model (LLM). LATTE is superior to the state of the art (e.g., Emtaint, Arbiter, Karonte) in three aspects. First, LATTE is fully automated, while prior static binary taint analyzers need to rely on human expertise to manually customize taint propagation rules and vulnerability inspection rules. Second, LATTE is highly effective in vulnerability detection, as demonstrated by our comprehensive evaluations. For example, LATTE has found 37 new bugs in real-world firmware which the baselines failed to find, and 7 of them have been assigned CVE numbers. Lastly, LATTE incurs remarkably low engineering cost, making it a cost-efficient and scalable solution for security researchers and practitioners. We strongly believe that LATTE opens up a new direction to harness the recent advances in LLMs to improve vulnerability analysis for binary programs.
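To make concrete what the "taint propagation rules and vulnerability inspection rules" are that the abstract says prior analyzers require a human to write, the following is an added illustration, not LATTE's code or anything from the paper: a toy forward taint analysis over a constructed three-address IR. The rule tables `SOURCES`, `PROPAGATORS` and `SINKS`, the `Instr` type and the sample program are all assumptions made for this example; they stand in for the hand-written rule sets of a conventional analyzer and say nothing about how LATTE derives its own.

```python
"""Toy forward taint analysis over a constructed three-address IR.

Illustration only (not LATTE's code): shows the three hand-written rule
tables a conventional static taint analyzer depends on, and how a
straight-line program is checked against them.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

# --- Rule tables: the part a human analyst normally customizes by hand ---

# Source rules: calls whose return value is attacker-controlled (assumed set).
SOURCES = {"recv", "getenv"}

# Propagation rules: library calls that copy taint between their arguments,
# callee -> (from_arg_index, to_arg_index). Assumed for the example.
PROPAGATORS = {"strcpy": (1, 0), "strcat": (1, 0)}

# Inspection rules: callee -> (argument index that must not be tainted, bug class).
SINKS = {
    "system": (0, "command injection"),
    "strcpy": (1, "unbounded copy of tainted data"),
}


@dataclass
class Instr:
    op: str                       # "assign", "binop" or "call"
    dst: Optional[str] = None     # variable written (for a call: its return value)
    args: List[str] = field(default_factory=list)
    callee: Optional[str] = None  # only for op == "call"


def analyze(program: List[Instr]) -> Tuple[List[Tuple[int, str, str]], Set[str]]:
    """Walk the program once, tracking the set of tainted variables.

    Returns (findings, tainted) where findings are (pc, callee, bug_class).
    """
    tainted: Set[str] = set()
    findings: List[Tuple[int, str, str]] = []
    for pc, ins in enumerate(program):
        if ins.op in ("assign", "binop"):
            # Propagation rule for data movement: the result is tainted
            # iff any operand is; an overwrite with clean data clears taint.
            if any(a in tainted for a in ins.args):
                tainted.add(ins.dst)
            else:
                tainted.discard(ins.dst)
            continue

        # ins.op == "call": inspect the sink first, then apply propagation.
        if ins.callee in SINKS:
            idx, bug = SINKS[ins.callee]
            if idx < len(ins.args) and ins.args[idx] in tainted:
                findings.append((pc, ins.callee, bug))
        if ins.callee in PROPAGATORS:
            src, dst = PROPAGATORS[ins.callee]
            if ins.args[src] in tainted:
                tainted.add(ins.args[dst])
        if ins.dst is not None:
            if ins.callee in SOURCES:
                tainted.add(ins.dst)      # source rule
            else:
                tainted.discard(ins.dst)  # return value of a non-source is clean
    return findings, tainted


# Constructed sample program (quoted strings stand for literals, which are
# never tainted): data from recv() flows through concatenation and strcpy
# into system().
SAMPLE = [
    Instr("call", dst="buf", args=["sock", "'4096'"], callee="recv"),
    Instr("binop", dst="cmd", args=["'ping '", "buf"]),
    Instr("call", args=["local", "cmd"], callee="strcpy"),
    Instr("call", args=["local"], callee="system"),
    Instr("assign", dst="n", args=["'3'"]),
    Instr("binop", dst="x", args=["n", "'1'"]),
]


def report(program: List[Instr] = SAMPLE) -> List[Tuple[int, str, str]]:
    """Print and return the findings for a program."""
    findings, _ = analyze(program)
    for pc, callee, bug in findings:
        print(f"pc={pc}: tainted argument reaches {callee}() -> {bug}")
    return findings


if __name__ == "__main__":
    report()
```

The analysis is flow-insensitive and intraprocedural on purpose; what matters is that every detection depends entirely on the contents of the three rule tables. Missing a source or a propagating library call silently yields false negatives, which is why maintaining these tables by hand for each new target is the engineering cost the abstract refers to.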