{"id":"https://openalex.org/W4403747722","doi":"https://doi.org/10.1145/3658644.3690298","title":"PromSec: Prompt Optimization for Secure Generation of Functional Source Code with Large Language Models (LLMs)","display_name":"PromSec: Prompt Optimization for Secure Generation of Functional Source Code with Large Language Models (LLMs)","publication_year":2024,"publication_date":"2024-12-02","ids":{"openalex":"https://openalex.org/W4403747722","doi":"https://doi.org/10.1145/3658644.3690298"},"language":"en","primary_location":{"id":"doi:10.1145/3658644.3690298","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3658644.3690298","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3690298","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"preprint","indexed_in":["arxiv","crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3690298","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5066904836","display_name":"Mahmoud Nazzal","orcid":"https://orcid.org/0000-0003-3375-0310"},"institutions":[{"id":"https://openalex.org/I118118575","display_name":"New Jersey Institute of Technology","ror":"https://ror.org/05e74xb87","country_code":"US","type":"education","lineage":["https://openalex.org/I118118575"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Mahmoud Nazzal","raw_affiliation_strings":["New Jersey Institute of Technology, Newark, NJ, USA"],"affiliations":[{"raw_affiliation_string":"New Jersey Institute of Technology, Newark, NJ, 
USA","institution_ids":["https://openalex.org/I118118575"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5008374141","display_name":"Issa Khalil","orcid":"https://orcid.org/0000-0002-7660-9512"},"institutions":[{"id":"https://openalex.org/I1301390666","display_name":"Qatar Airways (Qatar)","ror":"https://ror.org/01hx00y13","country_code":"QA","type":"company","lineage":["https://openalex.org/I1301390666"]}],"countries":["QA"],"is_corresponding":false,"raw_author_name":"Issa Khalil","raw_affiliation_strings":["Qatar Computing Research Institute, Doha, Qatar"],"affiliations":[{"raw_affiliation_string":"Qatar Computing Research Institute, Doha, Qatar","institution_ids":["https://openalex.org/I1301390666"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5062119199","display_name":"Abdallah Khreishah","orcid":"https://orcid.org/0000-0003-1583-713X"},"institutions":[{"id":"https://openalex.org/I118118575","display_name":"New Jersey Institute of Technology","ror":"https://ror.org/05e74xb87","country_code":"US","type":"education","lineage":["https://openalex.org/I118118575"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Abdallah Khreishah","raw_affiliation_strings":["New Jersey Institute of Technology, Newark, NJ, USA"],"affiliations":[{"raw_affiliation_string":"New Jersey Institute of Technology, Newark, NJ, USA","institution_ids":["https://openalex.org/I118118575"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5060481572","display_name":"NhatHai Phan","orcid":"https://orcid.org/0000-0002-1032-8275"},"institutions":[{"id":"https://openalex.org/I118118575","display_name":"New Jersey Institute of Technology","ror":"https://ror.org/05e74xb87","country_code":"US","type":"education","lineage":["https://openalex.org/I118118575"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"NhatHai Phan","raw_affiliation_strings":["New Jersey Institute of Technology, Newark, NJ, 
USA"],"affiliations":[{"raw_affiliation_string":"New Jersey Institute of Technology, Newark, NJ, USA","institution_ids":["https://openalex.org/I118118575"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5066904836"],"corresponding_institution_ids":["https://openalex.org/I118118575"],"apc_list":null,"apc_paid":null,"fwci":13.0123,"has_fulltext":true,"cited_by_count":17,"citation_normalized_percentile":{"value":0.98690654,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"2266","last_page":"2280"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9986000061035156,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9986000061035156,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10028","display_name":"Topic Modeling","score":0.9886999726295471,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging 
Techniques","score":0.9488999843597412,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8295432329177856},{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.6812692880630493},{"id":"https://openalex.org/keywords/code-generation","display_name":"Code generation","score":0.6208526492118835},{"id":"https://openalex.org/keywords/source-code","display_name":"Source code","score":0.5423977375030518},{"id":"https://openalex.org/keywords/python","display_name":"Python (programming language)","score":0.5417765378952026},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4667983651161194},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.42824018001556396},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.3584732413291931},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.24558734893798828},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.10643109679222107},{"id":"https://openalex.org/keywords/security-service","display_name":"Security service","score":0.08858773112297058}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8295432329177856},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure 
coding","level":5,"score":0.6812692880630493},{"id":"https://openalex.org/C133162039","wikidata":"https://www.wikidata.org/wiki/Q1061077","display_name":"Code generation","level":3,"score":0.6208526492118835},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.5423977375030518},{"id":"https://openalex.org/C519991488","wikidata":"https://www.wikidata.org/wiki/Q28865","display_name":"Python (programming language)","level":2,"score":0.5417765378952026},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4667983651161194},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.42824018001556396},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.3584732413291931},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.24558734893798828},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.10643109679222107},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.08858773112297058},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key 
(lock)","level":2,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3658644.3690298","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3658644.3690298","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3690298","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},{"id":"pmh:oai:arXiv.org:2409.12699","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2409.12699","pdf_url":"https://arxiv.org/pdf/2409.12699","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"}],"best_oa_location":{"id":"doi:10.1145/3658644.3690298","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3658644.3690298","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3658644.3690298","source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/17","score":0.41999998688697815,"display_name":"Partnerships for the 
goals"}],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":false},"content_urls":{"pdf":"https://content.openalex.org/works/W4403747722.pdf"},"referenced_works_count":28,"referenced_works":["https://openalex.org/W354493725","https://openalex.org/W569478347","https://openalex.org/W1707430307","https://openalex.org/W1994616650","https://openalex.org/W2511803001","https://openalex.org/W2806377938","https://openalex.org/W2899171197","https://openalex.org/W2907705732","https://openalex.org/W2963169753","https://openalex.org/W2963241486","https://openalex.org/W2963762601","https://openalex.org/W3014339000","https://openalex.org/W3035524453","https://openalex.org/W3043078865","https://openalex.org/W3126095862","https://openalex.org/W3185341429","https://openalex.org/W4210257598","https://openalex.org/W4212897670","https://openalex.org/W4281669078","https://openalex.org/W4288057765","https://openalex.org/W4315815628","https://openalex.org/W4320560161","https://openalex.org/W4384345648","https://openalex.org/W4385080397","https://openalex.org/W4385187421","https://openalex.org/W4386187806","https://openalex.org/W4388858772","https://openalex.org/W4391558462"],"related_works":["https://openalex.org/W2789551765","https://openalex.org/W2292865721","https://openalex.org/W4319165526","https://openalex.org/W2469491375","https://openalex.org/W3081644756","https://openalex.org/W3122369893","https://openalex.org/W2394062615","https://openalex.org/W2407476586","https://openalex.org/W4399511371","https://openalex.org/W2048831961"],"abstract_inverted_index":{"The":[0],"capability":[1],"of":[2,101,143,209,249],"generating":[3,154],"high-quality":[4],"source":[5],"code":[6,40,55,64,88,165,172,191,255],"using":[7,57,67,90],"large":[8],"language":[9],"models":[10],"(LLMs)":[11],"reduces":[12],"software":[13,262],"development":[14],"time":[15],"and":[16,38,53,79,86,129,150,163,212,233,253],"costs.":[17,215],"However,":[18],"they":[19],"often":[20],"introduce":[21],"security":[2
2,81,173,213],"vulnerabilities":[23,82,237],"due":[24],"to":[25,77,110,138,188,227,235],"training":[26],"on":[27,161],"insecure":[28],"open-source":[29],"data.":[30],"This":[31,42,240],"highlights":[32],"the":[33,99,102,105,141,247],"need":[34],"for":[35,48,51,153,221,251],"ensuring":[36],"secure":[37,52,112,252],"functional":[39,156,254],"generation.":[41],"paper":[43],"introduces":[44],"PromSec,":[45,60],"an":[46,91,94,202],"algorithm":[47],"prom":[49],"optimization":[50,134],"functioning":[54],"generation":[56,89,130],"LLMs.":[58],"In":[59],"we":[61,126],"combine":[62],"1)":[63],"vulnerability":[65],"clearing":[66],"a":[68,119,132,148,184,222,243],"generative":[69],"adversarial":[70],"graph":[71],"neural":[72],"network,":[73],"dubbed":[74],"as":[75,131],"gGAN,":[76,125],"fix":[78],"reduce":[80,140],"in":[83,124,205,238,245],"generated":[84],"codes":[85,113],"2)":[87],"LLM":[92,106,144,210,224],"into":[93,260],"interactive":[95],"loop,":[96],"such":[97],"that":[98,168,182],"outcome":[100],"gGAN":[103],"drives":[104],"with":[107,219],"enhanced":[108],"prompts":[109,217],"generate":[111],"while":[114,174,183],"preserving":[115],"their":[116,258],"functionality.":[117,178],"Introducing":[118],"new":[120],"contrastive":[121],"learning":[122],"approach":[123,186],"formulate":[127],"code-clearing":[128],"dual-objective":[133],"problem,":[135],"enabling":[136],"PromSec":[137,146,169,193,198,220],"notably":[139],"number":[142,208],"inferences.":[145],"offers":[147],"cost-effective":[149],"practical":[151],"solution":[152],"secure,":[155],"code.":[157],"Extensive":[158],"experiments":[159,180],"conducted":[160],"Python":[162],"Java":[164],"datasets":[166],"confirm":[167],"effectively":[170,194],"enhances":[171],"upholding":[175],"its":[176],"intended":[177],"Our":[179],"show":[181],"state-of-the-art":[185],"fails":[187],"address":[189],"all":[190],"vulnerabilities,":[192],"resolves":[195],"them.":[196],"Moreover,":[197],"achieves":[199],"more":[200],"than":[201],"order-of-
magnitude":[203],"reduction":[204],"operation":[206],"time,":[207],"queries,":[211],"analysis":[214],"Furthermore,":[216],"optimized":[218],"certain":[223],"are":[225],"transferable":[226],"other":[228],"LLMs":[229,250],"across":[230],"programming":[231],"languages":[232],"generalizable":[234],"unseen":[236],"training.":[239],"study":[241],"is":[242],"step":[244],"enhancing":[246],"trustworthiness":[248],"generation,":[256],"supporting":[257],"integration":[259],"real-world":[261],"development.":[263]},"counts_by_year":[{"year":2026,"cited_by_count":5},{"year":2025,"cited_by_count":10},{"year":2024,"cited_by_count":2}],"updated_date":"2026-04-09T08:11:56.329763","created_date":"2025-10-10T00:00:00"}
