Please note: This PhD seminar will take place in DC 2310.
Murray Dunne, PhD candidate
David R. Cheriton School of Computer Science
Supervisor: Professor Sebastian Fischmeister
Modern firmware development takes place in a fast-paced, time-constrained environment. This pressure tempts developers to save time by letting generative AI write code for them. Generative AI is a powerful tool when paired with careful developer review, but those reviews are commonly sacrificed to meet deadlines. The result is AI-written code deployed verbatim in the firmware of devices finding their way into our cyber-physical environment. In the absence of developer oversight, we suggest that generative AI-written code does not sufficiently account for common software vulnerabilities.
In this work, we explore a collection of modern Large Language Models (LLMs), using them to generate code based on popular network standards. We fuzz this code and report a taxonomy of common LLM-generated vulnerabilities. Finally, we suggest test input structures that could reasonably be used to exploit these vulnerabilities, as a first step towards fuzz testing tailored to LLM-generated code.
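To make the vulnerability class concrete, the sketch below is a minimal, hypothetical example of the kind of length-prefixed message parser an LLM might generate, not code from the talk. The function names and message format are invented for illustration; the flaw shown (an attacker-controlled length field copied without a bounds check) is the classic pattern that fuzzing tends to surface in such code, and the crafted input in main() is an example of the sort of test input structure the work suggests.

/* Illustrative sketch only: a hypothetical LLM-generated parser for a
 * length-prefixed network message. The bug class shown here, an
 * unchecked length field leading to a stack buffer overflow, is one
 * example of a vulnerability that fuzzing commonly exposes. */
#include <stdint.h>
#include <string.h>
#include <stdio.h>

void parse_message(const uint8_t *pkt, size_t pkt_len) {
    uint8_t payload[64];
    if (pkt_len < 1) return;
    uint8_t declared_len = pkt[0];   /* attacker-controlled length byte */
    /* BUG: declared_len is never checked against sizeof(payload) or
     * against pkt_len, so a packet declaring a length greater than 64
     * overflows the stack buffer and reads past the packet. */
    memcpy(payload, pkt + 1, declared_len);
    printf("parsed %u payload bytes\n", (unsigned)declared_len);
}

int main(void) {
    /* A fuzz-style exploit input: the declared length (255) exceeds
     * both the buffer and the actual packet, triggering the overflow. */
    uint8_t crafted[2] = { 255, 0x41 };
    parse_message(crafted, sizeof(crafted));
    return 0;
}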