This work addresses cross-component interface vulnerabilities that undermine software isolation mechanisms and jeopardize overall system security. The paper presents the first automated program repair framework that integrates component isolation semantics: it employs specialized fuzzing to discover interface vulnerabilities, leverages isolation-aware static and dynamic analyses to guide large language models in generating repair patches, and incorporates a closed-loop validation mechanism to evaluate patch effectiveness. The proposed approach significantly outperforms baseline methods that directly invoke general-purpose large language models, successfully producing valid repairs for representative vulnerabilities and effectively addressing the limitations of existing models in understanding isolation semantics.

Software compartmentalization breaks down an application into compartments isolated from each other: an attacker taking over a compartment will be confined to it, limiting the damage they can cause to the rest of the application. Despite the security promises of this approach, recent studies have shown that most existing compartmentalized software is plagued by vulnerabilities at cross-compartment interfaces, allowing an attacker taking over a compartment to escape its confinement and negate the security guarantees expected from compartmentalization. In that context, securing cross-compartment interfaces is notoriously difficult and engineering-intensive. In light of recent advances in Automated Program Repair (APR), notably through the use of Large Language Models (LLMs), this paper presents a work in progress investigating the suitability of LLM-based APR at securing cross-compartment interfaces as automatically as possible. We observe that existing APR approaches and general purpose/code-centric LLMs used as is are unfit for this task, and present the design, implementation, and early results of a new APR framework dedicated to compartment interface safety. The framework integrates into a feedback loop 1) a specialized fuzzer uncovering cross-compartment interface vulnerabilities; 2) a patch generation component bridging the lack of compartmentalization awareness of existing LLMs with a series of analysis techniques; and 3) a patch validation component assessing the effectiveness of generated vulnerability fixes. We validate our framework over a sample interface vulnerability, comparing it to a naive use of general-purpose LLMs, and discuss future research avenues.