{"id":"https://openalex.org/W4402457779","doi":"https://doi.org/10.1145/3650212.3680371","title":"CoSec: On-the-Fly Security Hardening of Code LLMs via Supervised Co-decoding","display_name":"CoSec: On-the-Fly Security Hardening of Code LLMs via Supervised Co-decoding","publication_year":2024,"publication_date":"2024-09-11","ids":{"openalex":"https://openalex.org/W4402457779","doi":"https://doi.org/10.1145/3650212.3680371"},"language":"en","primary_location":{"id":"doi:10.1145/3650212.3680371","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3650212.3680371","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://ink.library.smu.edu.sg/sis_research/9918","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5092001899","display_name":"Dong Li","orcid":"https://orcid.org/0009-0003-2032-2015"},"institutions":[{"id":"https://openalex.org/I158842170","display_name":"Chongqing University","ror":"https://ror.org/023rhb549","country_code":"CN","type":"education","lineage":["https://openalex.org/I158842170"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Dong Li","raw_affiliation_strings":["Chongqing University, Chongqing, China"],"raw_orcid":"https://orcid.org/0009-0003-2032-2015","affiliations":[{"raw_affiliation_string":"Chongqing University, Chongqing, China","institution_ids":["https://openalex.org/I158842170"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5070783668","display_name":"Meng Yan","orcid":"https://orcid.org/0000-0002-9538-9121"},"institutions":[{"id":"https://openalex.org/I158842170","display_name":"Chongqing University","ror":"https://ror.org/023rhb549","country_code":"CN","type":"education","lineage":["https://openalex.org/I158842170"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Meng Yan","raw_affiliation_strings":["Chongqing University, Chongqing, China"],"raw_orcid":"https://orcid.org/0000-0002-9538-9121","affiliations":[{"raw_affiliation_string":"Chongqing University, Chongqing, China","institution_ids":["https://openalex.org/I158842170"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5076227931","display_name":"Y. X. Zhang","orcid":null},"institutions":[{"id":"https://openalex.org/I158842170","display_name":"Chongqing University","ror":"https://ror.org/023rhb549","country_code":"CN","type":"education","lineage":["https://openalex.org/I158842170"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yaosheng Zhang","raw_affiliation_strings":["Chongqing University, Chongqing, China"],"raw_orcid":"https://orcid.org/0009-0008-7134-3672","affiliations":[{"raw_affiliation_string":"Chongqing University, Chongqing, China","institution_ids":["https://openalex.org/I158842170"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102825823","display_name":"Zhongxin Liu","orcid":"https://orcid.org/0000-0002-1981-1626"},"institutions":[{"id":"https://openalex.org/I76130692","display_name":"Zhejiang University","ror":"https://ror.org/00a2xv884","country_code":"CN","type":"education","lineage":["https://openalex.org/I76130692"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zhongxin Liu","raw_affiliation_strings":["Zhejiang University, Hangzhou, China"],"raw_orcid":"https://orcid.org/0000-0002-1981-1626","affiliations":[{"raw_affiliation_string":"Zhejiang University, Hangzhou, China","institution_ids":["https://openalex.org/I76130692"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101600108","display_name":"Chao Liu","orcid":"https://orcid.org/0000-0002-8283-9146"},"institutions":[{"id":"https://openalex.org/I158842170","display_name":"Chongqing University","ror":"https://ror.org/023rhb549","country_code":"CN","type":"education","lineage":["https://openalex.org/I158842170"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Chao Liu","raw_affiliation_strings":["Chongqing University, Chongqing, China"],"raw_orcid":"https://orcid.org/0000-0002-8283-9146","affiliations":[{"raw_affiliation_string":"Chongqing University, Chongqing, China","institution_ids":["https://openalex.org/I158842170"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100330109","display_name":"Xiaohong Zhang","orcid":"https://orcid.org/0000-0002-1767-9342"},"institutions":[{"id":"https://openalex.org/I158842170","display_name":"Chongqing University","ror":"https://ror.org/023rhb549","country_code":"CN","type":"education","lineage":["https://openalex.org/I158842170"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xiaohong Zhang","raw_affiliation_strings":["Chongqing University, Chongqing, China"],"raw_orcid":"https://orcid.org/0000-0002-1767-9342","affiliations":[{"raw_affiliation_string":"Chongqing University, Chongqing, China","institution_ids":["https://openalex.org/I158842170"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100443178","display_name":"Ting Chen","orcid":"https://orcid.org/0000-0001-9165-8331"},"institutions":[{"id":"https://openalex.org/I150229711","display_name":"University of Electronic Science and Technology of China","ror":"https://ror.org/04qr3zq92","country_code":"CN","type":"education","lineage":["https://openalex.org/I150229711"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Ting Chen","raw_affiliation_strings":["University of Electronic Science and Technology of China, Chengdu, China"],"raw_orcid":"https://orcid.org/0000-0001-9165-8331","affiliations":[{"raw_affiliation_string":"University of Electronic Science and Technology of China, Chengdu, China","institution_ids":["https://openalex.org/I150229711"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5081036622","display_name":"David Lo","orcid":"https://orcid.org/0000-0002-4367-7201"},"institutions":[{"id":"https://openalex.org/I79891267","display_name":"Singapore Management University","ror":"https://ror.org/050qmg959","country_code":"SG","type":"education","lineage":["https://openalex.org/I79891267"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"David Lo","raw_affiliation_strings":["Singapore Management University, Singapore, Singapore"],"raw_orcid":"https://orcid.org/0000-0002-4367-7201","affiliations":[{"raw_affiliation_string":"Singapore Management University, Singapore, Singapore","institution_ids":["https://openalex.org/I79891267"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":8,"corresponding_author_ids":["https://openalex.org/A5092001899"],"corresponding_institution_ids":["https://openalex.org/I158842170"],"apc_list":null,"apc_paid":null,"fwci":3.2882,"has_fulltext":false,"cited_by_count":10,"citation_normalized_percentile":{"value":0.93055187,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":98,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"1428","last_page":"1439"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9972000122070312,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9972000122070312,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9950000047683716,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10558","display_name":"Advancements in Semiconductor Devices and Circuit Design","score":0.9829000234603882,"subfield":{"id":"https://openalex.org/subfields/2208","display_name":"Electrical and Electronic Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/decoding-methods","display_name":"Decoding methods","score":0.7384389042854309},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5186290144920349},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.491197794675827},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.45464643836021423},{"id":"https://openalex.org/keywords/hardening","display_name":"Hardening (computing)","score":0.42370137572288513},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.15882712602615356},{"id":"https://openalex.org/keywords/telecommunications","display_name":"Telecommunications","score":0.12038898468017578},{"id":"https://openalex.org/keywords/materials-science","display_name":"Materials science","score":0.11503863334655762},{"id":"https://openalex.org/keywords/nanotechnology","display_name":"Nanotechnology","score":0.08824023604393005}],"concepts":[{"id":"https://openalex.org/C57273362","wikidata":"https://www.wikidata.org/wiki/Q576722","display_name":"Decoding methods","level":2,"score":0.7384389042854309},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5186290144920349},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.491197794675827},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.45464643836021423},{"id":"https://openalex.org/C44255700","wikidata":"https://www.wikidata.org/wiki/Q978423","display_name":"Hardening (computing)","level":3,"score":0.42370137572288513},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.15882712602615356},{"id":"https://openalex.org/C76155785","wikidata":"https://www.wikidata.org/wiki/Q418","display_name":"Telecommunications","level":1,"score":0.12038898468017578},{"id":"https://openalex.org/C192562407","wikidata":"https://www.wikidata.org/wiki/Q228736","display_name":"Materials science","level":0,"score":0.11503863334655762},{"id":"https://openalex.org/C171250308","wikidata":"https://www.wikidata.org/wiki/Q11468","display_name":"Nanotechnology","level":1,"score":0.08824023604393005},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0},{"id":"https://openalex.org/C2779227376","wikidata":"https://www.wikidata.org/wiki/Q6505497","display_name":"Layer (electronics)","level":2,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3650212.3680371","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3650212.3680371","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis","raw_type":"proceedings-article"},{"id":"pmh:oai:ink.library.smu.edu.sg:sis_research-10918","is_oa":true,"landing_page_url":"https://ink.library.smu.edu.sg/sis_research/9918","pdf_url":null,"source":{"id":"https://openalex.org/S4306401925","display_name":"Singapore Management University Institutional Knowledge (InK) (Singapore Management University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I79891267","host_organization_name":"Singapore Management University","host_organization_lineage":["https://openalex.org/I79891267"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"https://doi.org/10.1145/3650212.3680371","raw_type":"Conference Proceeding Article"}],"best_oa_location":{"id":"pmh:oai:ink.library.smu.edu.sg:sis_research-10918","is_oa":true,"landing_page_url":"https://ink.library.smu.edu.sg/sis_research/9918","pdf_url":null,"source":{"id":"https://openalex.org/S4306401925","display_name":"Singapore Management University Institutional Knowledge (InK) (Singapore Management University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I79891267","host_organization_name":"Singapore Management University","host_organization_lineage":["https://openalex.org/I79891267"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"https://doi.org/10.1145/3650212.3680371","raw_type":"Conference Proceeding Article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":24,"referenced_works":["https://openalex.org/W2736762043","https://openalex.org/W3103170042","https://openalex.org/W3108032709","https://openalex.org/W3166095789","https://openalex.org/W3176618728","https://openalex.org/W3183469243","https://openalex.org/W4285294723","https://openalex.org/W4288055447","https://openalex.org/W4288057765","https://openalex.org/W4292779060","https://openalex.org/W4308627645","https://openalex.org/W4311887664","https://openalex.org/W4320560161","https://openalex.org/W4384345739","https://openalex.org/W4385562549","https://openalex.org/W4385572345","https://openalex.org/W4385572707","https://openalex.org/W4387321091","https://openalex.org/W4388422146","https://openalex.org/W4389519352","https://openalex.org/W4389520771","https://openalex.org/W4391307510","https://openalex.org/W4400680805","https://openalex.org/W6778883912"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W2358668433","https://openalex.org/W4396701345","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W4396696052","https://openalex.org/W1968289971","https://openalex.org/W4300588357"],"abstract_inverted_index":{"Large":[0],"Language":[1],"Models":[2],"(LLMs)":[3],"specialized":[4],"in":[5,237,255],"code":[6,16,35,41,88,133,145,149,170,195,227,239],"have":[7,32,230],"shown":[8,33],"exceptional":[9],"proficiency":[10],"across":[11,234],"various":[12,235],"programming-related":[13],"tasks,":[14],"particularly":[15],"generation.":[17,196],"Nonetheless,":[18],"due":[19],"to":[20,39,47,91,110,140,147,156,165],"its":[21],"nature":[22],"of":[23,66,76,87,132,144,187,202,207,217,224,266,277],"pretraining":[24],"on":[25,136],"massive":[26],"uncritically":[27],"filtered":[28],"data,":[29],"prior":[30,116],"studies":[31],"that":[34,250],"LLMs":[36,89,134,146,240],"are":[37],"prone":[38],"generate":[40,148],"with":[42,122,167],"potential":[43],"vulnerabilities.":[44,151],"Existing":[45],"approaches":[46,79],"mitigate":[48],"this":[49],"risk":[50],"involve":[51],"crafting":[52],"data":[53,74],"without":[54,219],"vulnerability":[55],"and":[56,73,103,244,246],"subsequently":[57],"retraining":[58],"or":[59],"fine-tuning":[60],"the":[61,64,71,77,97,104,107,112,115,142,173,185,188,199,208,215,221,225,247,262,274,278],"model.":[62,280],"As":[63],"number":[65,86],"parameters":[67,223,236],"exceeds":[68],"a":[69,158,168],"billion,":[70],"computation":[72],"demands":[75],"above":[78],"will":[80],"be":[81,92],"enormous.":[82],"Moreover,":[83],"an":[84,127],"increasing":[85],"tend":[90],"distributed":[93],"as":[94],"services,":[95],"where":[96],"internal":[98,222],"representation":[99],"is":[100,106,155,253],"not":[101],"accessible,":[102],"API":[105],"only":[108],"way":[109],"reach":[111],"LLM,":[113],"making":[114],"mitigation":[117],"strategies":[118],"non-applicable.":[119],"To":[120],"cope":[121],"this,":[123],"we":[124],"propose":[125],"CoSec,":[126],"on-the-fly":[128],"Security":[129],"hardening":[130],"method":[131],"based":[135],"security":[137,163,256,264],"model-guided":[138],"Co-decoding,":[139],"reduce":[141],"likelihood":[143],"containing":[150],"Our":[152],"key":[153],"idea":[154],"train":[157],"separate":[159],"but":[160],"much":[161],"smaller":[162],"model":[164,176,191],"co-decode":[166],"target":[169,189,226,279],"LLM.":[171,228],"Since":[172],"trained":[174],"secure":[175,181,194],"has":[177],"higher":[178],"confidence":[179],"for":[180],"tokens,":[182],"it":[183],"guides":[184],"generation":[186,218],"base":[190,268],"towards":[192],"more":[193],"By":[197],"adjusting":[198],"probability":[200],"distributions":[201],"tokens":[203],"during":[204],"each":[205],"step":[206],"decoding":[209],"process,":[210],"our":[211,251,259],"approach":[212,252,260],"effectively":[213],"influences":[214],"tendencies":[216],"accessing":[220],"We":[229],"conducted":[231],"extensive":[232],"experiments":[233],"multiple":[238],"(i.e.,":[241],"CodeGen,":[242],"StarCoder,":[243],"DeepSeek-Coder),":[245],"results":[248],"show":[249],"effective":[254],"hardening.":[257],"Specifically,":[258],"improves":[261],"average":[263],"ratio":[265],"six":[267],"models":[269],"by":[270],"5.02%-37.14%,":[271],"while":[272],"maintaining":[273],"functional":[275],"correctness":[276]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":8}],"updated_date":"2025-12-27T23:08:20.325037","created_date":"2025-10-10T00:00:00"}