[Paper - International Conference][Signals Intelligence Decoding Lab (신호정보해독연구실)] USENIX Security ’25 paper presentation
Graduate School of Information Security, 2025-08-15

○ Conference: 34th USENIX Conference on Security Symposium (USENIX Security ’25)

○ Presentation dates: 2025. 8. 13. - 2025. 8. 15.

○ Venue: Seattle, Washington, USA

○ Authors: 김영준, 신성욱, 김형식, 윤지원

○ Title: Logs In, Patches Out: Automated Vulnerability Repair via Tree-of-Thought LLM Analysis

○ Abstract

Research on automated vulnerability repair often requires extensive program analysis and expert input, making it challenging to deploy in practice. We propose SAN2PATCH, a system that generates patches using only sanitizer logs and source code, eliminating the need for costly program analysis or manual intervention. SAN2PATCH employs multi-stage reasoning with Large Language Models (LLMs) to decompose the patching process into four distinct tasks: vulnerability comprehension, fault localization, fix strategy formulation, and patch generation. Through tree-structured prompting and rigorous validation, SAN2PATCH can generate diverse, functionally correct patches. Evaluations on the VulnLoc dataset show that SAN2PATCH successfully patches 79.5% of vulnerabilities, surpassing state-of-the-art tools like ExtractFix (43%) and VulnFix (51%) by significant margins. On our newly curated SAN2VULN dataset of 27 new vulnerabilities from various open-source projects, SAN2PATCH achieves a 63% success rate, demonstrating its effectiveness on modern security flaws. Notably, SAN2PATCH excels at patching complex memory-related vulnerabilities, successfully fixing 81.8% of buffer overflows while preserving program functionality. This high performance, combined with minimal deployment requirements and elimination of manual steps, makes SAN2PATCH a practical solution for real-world vulnerability remediation.
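The abstract's key design point is that the only inputs are a sanitizer report and the source tree, so the first two stages (vulnerability comprehension and fault localization) must be driven by what the sanitizer log itself states. The following added example, which is not code from the paper or from SAN2PATCH, shows what such a log already carries before any LLM reasoning: it parses a constructed AddressSanitizer report into the bug class, the faulting access, the distance from the allocated region and the stack frames, and then picks the first frame inside the project's own sources as the localization candidate. The sample log, the `src/` project-root convention and the function names `copy_header`/`parse_file` are all assumptions made up for this illustration.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed AddressSanitizer report (not from the paper or its datasets).
SAMPLE_ASAN_LOG = """\
==4242==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000018 at pc 0x000000401234 bp 0x7ffc11112220 sp 0x7ffc11112218
WRITE of size 4 at 0x602000000018 thread T0
    #0 0x401233 in copy_header src/parser.c:88:17
    #1 0x401555 in parse_file src/parser.c:142:9
    #2 0x401888 in main src/main.c:31:5
    #3 0x7f0a1c029d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58:16
0x602000000018 is located 0 bytes to the right of 8-byte region [0x602000000010,0x602000000018)
allocated by thread T0 here:
    #0 0x4a3f1d in malloc (/tmp/app+0x4a3f1d)
    #1 0x401500 in parse_file src/parser.c:130:22
SUMMARY: AddressSanitizer: heap-buffer-overflow src/parser.c:88:17 in copy_header
"""

ERROR_RE = re.compile(r"==\d+==ERROR: (?P<tool>\w+Sanitizer): (?P<kind>[\w-]+)")
ACCESS_RE = re.compile(r"^(?P<op>READ|WRITE) of size (?P<size>\d+)")
FRAME_RE = re.compile(r"^\s+#(?P<idx>\d+) 0x[0-9a-f]+ in (?P<func>\S+) (?P<loc>\S+)")
LOC_RE = re.compile(r"^(?P<file>.+?):(?P<line>\d+)(?::(?P<col>\d+))?$")
REGION_RE = re.compile(
    r"is located (?P<dist>\d+) bytes? (?:to the right of|to the left of|inside of) "
    r"(?P<region>\d+)-byte region")


@dataclass
class Frame:
    index: int
    func: str
    file: Optional[str]   # None when the frame has no file:line (e.g. runtime symbols)
    line: Optional[int]


@dataclass
class SanitizerReport:
    tool: str
    kind: str                       # e.g. heap-buffer-overflow
    op: Optional[str] = None        # READ or WRITE
    size: Optional[int] = None      # bytes accessed
    overflow_bytes: Optional[int] = None   # distance from the allocated region
    region_bytes: Optional[int] = None     # size of that region
    frames: List[Frame] = field(default_factory=list)  # stack of the faulting access only


def parse_frame(line: str) -> Optional[Frame]:
    m = FRAME_RE.match(line)
    if not m:
        return None
    loc = LOC_RE.match(m["loc"])
    return Frame(int(m["idx"]), m["func"],
                 loc["file"] if loc else None,
                 int(loc["line"]) if loc else None)


def parse_sanitizer_log(text: str) -> SanitizerReport:
    """Extract the comprehension-stage facts from an ASan report."""
    report: Optional[SanitizerReport] = None
    in_access_trace = False
    for line in text.splitlines():
        m = ERROR_RE.search(line)
        if m and report is None:
            report = SanitizerReport(tool=m["tool"], kind=m["kind"])
            continue
        if report is None:
            continue
        m = ACCESS_RE.match(line)
        if m:
            report.op, report.size = m["op"], int(m["size"])
            in_access_trace = True          # frames that follow belong to the faulting access
            continue
        m = REGION_RE.search(line)
        if m:
            report.overflow_bytes, report.region_bytes = int(m["dist"]), int(m["region"])
            continue
        frame = parse_frame(line) if in_access_trace else None
        if frame:
            report.frames.append(frame)
        elif in_access_trace and line.strip():
            in_access_trace = False         # left the access trace; allocation trace is ignored
    if report is None:
        raise ValueError("no sanitizer error header found")
    return report


def localize(report: SanitizerReport, project_roots: Tuple[str, ...] = ("src/",)) -> Optional[Frame]:
    """Fault localization candidate: innermost frame inside the project's own sources."""
    for f in report.frames:
        if f.file and f.file.startswith(project_roots):
            return f
    return None


def describe(report: SanitizerReport) -> str:
    """One-line summary of the kind an LLM prompt would be built from."""
    f = localize(report)
    where = f"{f.file}:{f.line} in {f.func}" if f else "unknown location"
    return (f"{report.kind}: {report.op} of {report.size} bytes, {report.overflow_bytes} bytes "
            f"past a {report.region_bytes}-byte region, at {where}")


if __name__ == "__main__":
    print(describe(parse_sanitizer_log(SAMPLE_ASAN_LOG)))
```

Frames from the C runtime (`../sysdeps/...`) and the allocation stack are deliberately excluded from the candidate set; the allocation site is still useful context for a fix strategy, but it is not where the out-of-bounds write happens.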

○ Download link: https://www.usenix.org/system/files/usenixsecurity25-kim-youngjoon.pdf
