Can GPT-4 be used to mitigate Security APIs misuse?
Speaker
Dr. Sharif Abuadbba
Ph.D. in computer security from RMIT University, Australia.
Title
"Can GPT-4 be used to mitigate Security APIs misuse?"
Abstract
On November 6th, during OpenAI's Developer Day event, it was revealed that GPT-4, the latest iteration of their Large Language Model (LLM), is already in use by 2 million developers, with a remarkable percentage coming from Fortune 500 companies. While many researchers are exploring the utility of code generation for uncovering software vulnerabilities, one crucial but often overlooked aspect is security Application Programming Interfaces (APIs). APIs play an integral role in upholding software security, yet effectively integrating security APIs presents substantial challenges. These challenges stem from factors such as usability considerations in API design, insufficient documentation, and gaps in developers' knowledge of security best practices.
Using an API in ways that violate its specification, often referred to as API misuse, can result in severe security vulnerabilities. This problem has prompted developers to turn to LLMs for assistance. In this presentation, we delve into the potential of LLMs, particularly GPT-4, in addressing the issue of security API misuse during software development. Together, we will assess GPT-4's performance in code generation for security-related tasks and evaluate its reliability in mitigating security API misuse.
About Speaker
Dr. Sharif Abuadbba is a Team Leader in the Distributed Systems Security, Cybersecurity and Quantum Systems Group at CSIRO's Data61, Australia. His expertise lies at the intersection of AI and cybersecurity, with a dual focus: using AI for cyber defence to protect against cyber threats and ensuring the safety and integrity of AI to prevent its misuse.
He has over 50 publications, many of which appear in prestigious venues such as IEEE S&P, NDSS, USENIX Security and CCS. He has also secured substantial funding for Data61 Cyber Security CRC projects, including Smart Shield, which won the iAwards NSW Australia 2022, and TAPE, which is a finalist in iAwards 2024.
Dr. Abuadbba has a PhD in computer security from RMIT University, Australia. He previously worked with California-based technology company AgilePQ Inc as a senior R&D engineer and contributed to a number of US IP patents in cybersecurity. His recent accomplishments include prestigious honours such as the CSIRO Julius Career Award and the Data61 High-Performance Award.