Demo: SGCode: A Flexible Prompt-Optimizing System for Secure Generation of Code

Khiem Ton; Nhi Nguyen; Mahmoud Nazzal; Abdallah Khreishah; Cristian Borcea; Hai Phan; Ruoming Jin; Issa Khalil; Yelong Shen

doi:10.1145/3658644.3691367

Demo: SGCode: A Flexible Prompt-Optimizing System for Secure Generation of Code

Khiem Ton, Nhi Nguyen, Mahmoud Nazzal, Abdallah Khreishah, Cristian Borcea, Hai Phan, Ruoming Jin, Issa Khalil, Yelong Shen

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

This paper introduces SGCode, a flexible prompt-optimizing system to generate secure code with large language models (LLMs). SGCode integrates recent prompt-optimization approaches with LLMs in a unified system accessible through front-end and back-end APIs, enabling users to 1) generate secure code, which is free of vulnerabilities, 2) review and share security analysis, and 3) easily switch from one prompt optimization approach to another, while providing insights on model and system performance. We populated SGCode on an AWS server with PromSec, an approach that optimizes prompts by combining an LLM and security tools with a lightweight generative adversarial graph neural network to detect and fix security vulnerabilities in the generated code. Extensive experiments show that SGCode is practical as a public tool to gain insights into the trade-offs between model utility, secure code generation, and system cost. SGCode has only a marginal cost compared with prompting LLMs. SGCode is available at: SGCode.

Original language	English (US)
Title of host publication	CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security
Publisher	Association for Computing Machinery, Inc
Pages	5078-5080
Number of pages	3
ISBN (Electronic)	9798400706363
DOIs	https://doi.org/10.1145/3658644.3691367
State	Published - Dec 9 2024
Event	31st ACM SIGSAC Conference on Computer and Communications Security, CCS 2024 - Salt Lake City, United States Duration: Oct 14 2024 → Oct 18 2024

Publication series

Name	CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security

Conference

Conference	31st ACM SIGSAC Conference on Computer and Communications Security, CCS 2024
Country/Territory	United States
City	Salt Lake City
Period	10/14/24 → 10/18/24

All Science Journal Classification (ASJC) codes

Computer Networks and Communications
Computer Science Applications
Software

Keywords

Demonstration system
LLMs
Prompt optimization
Secure code

Access to Document

10.1145/3658644.3691367

Cite this

Ton, K., Nguyen, N., Nazzal, M., Khreishah, A., Borcea, C., Phan, H., Jin, R., Khalil, I., & Shen, Y. (2024). Demo: SGCode: A Flexible Prompt-Optimizing System for Secure Generation of Code. In CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security (pp. 5078-5080). (CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security). Association for Computing Machinery, Inc. https://doi.org/10.1145/3658644.3691367

Ton, Khiem ; Nguyen, Nhi ; Nazzal, Mahmoud et al. / Demo : SGCode: A Flexible Prompt-Optimizing System for Secure Generation of Code. CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery, Inc, 2024. pp. 5078-5080 (CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security).

@inproceedings{f9c295ad5c7c4af597d9dbc9dd0a7996,

title = "Demo: SGCode: A Flexible Prompt-Optimizing System for Secure Generation of Code",

abstract = "This paper introduces SGCode, a flexible prompt-optimizing system to generate secure code with large language models (LLMs). SGCode integrates recent prompt-optimization approaches with LLMs in a unified system accessible through front-end and back-end APIs, enabling users to 1) generate secure code, which is free of vulnerabilities, 2) review and share security analysis, and 3) easily switch from one prompt optimization approach to another, while providing insights on model and system performance. We populated SGCode on an AWS server with PromSec, an approach that optimizes prompts by combining an LLM and security tools with a lightweight generative adversarial graph neural network to detect and fix security vulnerabilities in the generated code. Extensive experiments show that SGCode is practical as a public tool to gain insights into the trade-offs between model utility, secure code generation, and system cost. SGCode has only a marginal cost compared with prompting LLMs. SGCode is available at: SGCode.",

keywords = "Demonstration system, LLMs, Prompt optimization, Secure code",

author = "Khiem Ton and Nhi Nguyen and Mahmoud Nazzal and Abdallah Khreishah and Cristian Borcea and Hai Phan and Ruoming Jin and Issa Khalil and Yelong Shen",

note = "Publisher Copyright: {\textcopyright} 2024 Copyright held by the owner/author(s).; 31st ACM SIGSAC Conference on Computer and Communications Security, CCS 2024 ; Conference date: 14-10-2024 Through 18-10-2024",

year = "2024",

month = dec,

day = "9",

doi = "10.1145/3658644.3691367",

language = "English (US)",

series = "CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security",

publisher = "Association for Computing Machinery, Inc",

pages = "5078--5080",

booktitle = "CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security",

}

Ton, K, Nguyen, N, Nazzal, M, Khreishah, A , Borcea, C , Phan, H, Jin, R, Khalil, I & Shen, Y 2024, Demo: SGCode: A Flexible Prompt-Optimizing System for Secure Generation of Code. in CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security. CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security, Association for Computing Machinery, Inc, pp. 5078-5080, 31st ACM SIGSAC Conference on Computer and Communications Security, CCS 2024, Salt Lake City, United States, 10/14/24. https://doi.org/10.1145/3658644.3691367

Demo: SGCode: A Flexible Prompt-Optimizing System for Secure Generation of Code. / Ton, Khiem; Nguyen, Nhi; Nazzal, Mahmoud et al.
CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery, Inc, 2024. p. 5078-5080 (CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Demo

T2 - 31st ACM SIGSAC Conference on Computer and Communications Security, CCS 2024

AU - Ton, Khiem

AU - Nguyen, Nhi

AU - Nazzal, Mahmoud

AU - Khreishah, Abdallah

AU - Borcea, Cristian

AU - Phan, Hai

AU - Jin, Ruoming

AU - Khalil, Issa

AU - Shen, Yelong

PY - 2024/12/9

Y1 - 2024/12/9

N2 - This paper introduces SGCode, a flexible prompt-optimizing system to generate secure code with large language models (LLMs). SGCode integrates recent prompt-optimization approaches with LLMs in a unified system accessible through front-end and back-end APIs, enabling users to 1) generate secure code, which is free of vulnerabilities, 2) review and share security analysis, and 3) easily switch from one prompt optimization approach to another, while providing insights on model and system performance. We populated SGCode on an AWS server with PromSec, an approach that optimizes prompts by combining an LLM and security tools with a lightweight generative adversarial graph neural network to detect and fix security vulnerabilities in the generated code. Extensive experiments show that SGCode is practical as a public tool to gain insights into the trade-offs between model utility, secure code generation, and system cost. SGCode has only a marginal cost compared with prompting LLMs. SGCode is available at: SGCode.

AB - This paper introduces SGCode, a flexible prompt-optimizing system to generate secure code with large language models (LLMs). SGCode integrates recent prompt-optimization approaches with LLMs in a unified system accessible through front-end and back-end APIs, enabling users to 1) generate secure code, which is free of vulnerabilities, 2) review and share security analysis, and 3) easily switch from one prompt optimization approach to another, while providing insights on model and system performance. We populated SGCode on an AWS server with PromSec, an approach that optimizes prompts by combining an LLM and security tools with a lightweight generative adversarial graph neural network to detect and fix security vulnerabilities in the generated code. Extensive experiments show that SGCode is practical as a public tool to gain insights into the trade-offs between model utility, secure code generation, and system cost. SGCode has only a marginal cost compared with prompting LLMs. SGCode is available at: SGCode.

KW - Demonstration system

KW - LLMs

KW - Prompt optimization

KW - Secure code

UR - http://www.scopus.com/inward/record.url?scp=85215510203&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85215510203&partnerID=8YFLogxK

U2 - 10.1145/3658644.3691367

DO - 10.1145/3658644.3691367

M3 - Conference contribution

AN - SCOPUS:85215510203

T3 - CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security

SP - 5078

EP - 5080

BT - CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security

PB - Association for Computing Machinery, Inc

Y2 - 14 October 2024 through 18 October 2024

ER -

Ton K, Nguyen N, Nazzal M, Khreishah A , Borcea C , Phan H et al. Demo: SGCode: A Flexible Prompt-Optimizing System for Secure Generation of Code. In CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery, Inc. 2024. p. 5078-5080. (CCS 2024 - Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security). doi: 10.1145/3658644.3691367

Demo: SGCode: A Flexible Prompt-Optimizing System for Secure Generation of Code

Abstract

Publication series

Conference

All Science Journal Classification (ASJC) codes

Keywords

Access to Document

Other files and links

Fingerprint

Cite this