Adding LLM4GW

LLM4GW.html

@@ -0,0 +1,100 @@
+<!doctype html>
+<html>
+
+<head>
+	<!-- Google tag (gtag.js) -->
+	<script async src="https://www.googletagmanager.com/gtag/js?id=G-EER1LDV4TH"></script>
+	<script>
+	window.dataLayer = window.dataLayer || [];
+	function gtag(){dataLayer.push(arguments);}
+	gtag('js', new Date());
+
+	gtag('config', 'G-EER1LDV4TH');
+	</script>
+  <title>LLM4GW</title>
+  <meta charset="utf-8" name="viewport" content="width=device-width, initial-scale=1">
+  <link href="css/frame.css" media="screen" rel="stylesheet" type="text/css" />
+  <link href="css/controls.css" media="screen" rel="stylesheet" type="text/css" />
+  <link href="css/custom.css" media="screen" rel="stylesheet" type="text/css" />
+  <link href='https://fonts.googleapis.com/css?family=Open+Sans:400,700' rel='stylesheet' type='text/css'>
+  <link href='https://fonts.googleapis.com/css?family=Open+Sans+Condensed:300,700' rel='stylesheet' type='text/css'>
+  <link href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,700" rel="stylesheet">
+  <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
+  <script src="js/menu.js"></script>
+  <style>
+    .menu-index {
+      color: rgb(255, 255, 255) !important;
+      opacity: 1 !important;
+      font-weight: 700 !important;
+    }
+  </style>
+</head>
+
+<body>
+  <div class="menu-container"></div>
+  <div class="content-container">
+    <div class="content">
+      <div class="content-table flex-column">
+        <!-------------------------------------------------------------------------------------------->
+        <!--Start LLM4GW-->
+		<div class="flex-row">
+      <div class="flex-item flex-column">
+        <h2 class="add-top-margin">LLM4GW</h2>
+        <hr>
+        <p style="font-size:14pt;">
+          LLM4GW is the first comprehensive study to assess how effective Large Language Models (LLMs) are for tasks related to GitHub workflows. While LLMs have shown effectiveness in software development tasks like coding and testing, GitHub workflows are distinct from regular code in terms of structure, semantics, and security properties. 
+        </p>
+        <p style="font-size:14pt;">
+          We curated a dataset of around 400,000 workflows based on ARGUS dataset, generated prompts with varying levels of detail, and fine-tuned three state-of-the-art LLMs: GPT-3.5, CodeLlama, and StarChat. We evaluated the performance of these LLMs, both off-the-shelf and fine-tuned, on five workflow-related tasks: workflow generation, defect detection (syntactic errors and code injection vulnerabilities), and defect repair. The evaluation encompassed different prompting modes (zero-shot, one-shot) and involved identifying the best-performing temperature value and prompt for each LLM and task.
+        </p>
+        <p style="font-size:14pt;">
+          The study revealed that, unlike regular code generation, LLMs require detailed prompts to generate the desired workflows, but these detailed prompts can lead to invalid workflows with syntactic errors. Additionally, the LLMs were found to produce workflows with code injection vulnerabilities. The research also highlights the need for novel LLM-assisted techniques, as the current LLMs were found to be ineffective at repairing workflow defects. 
+        </p>
+
+        <h2 class="add-top-margin">Paper</h2>
+        <p style="font-size:14pt;">
+          <a href="https://dl.acm.org/doi/10.1145/3664476.3664497" target="_blank">Our paper</a> is accepted at ARES '24.
+
+        <h2 class="add-top-margin">Code</h2>
+        <p style="font-size:14pt;">
+          Our code is opensourced on <a href="https://github.com/purs3lab/LLMs4GitHubWorkflows" target="_blank"> GitHub</a>. Please check out the repository for more details. 
+        </p>
+        <h2 class="add-top-margin">Bibtex</h2>
+  <pre>
+    @inproceedings{10.1145/3664476.3664497,
+      author = {Zhang, Xinyu and Muralee, Siddharth and Cherupattamoolayil, Sourag and Machiry, Aravind},
+      title = {On the Effectiveness of Large Language Models for GitHub Workflows},
+      year = {2024},
+      isbn = {9798400717185},
+      publisher = {Association for Computing Machinery},
+      address = {New York, NY, USA},
+      url = {https://doi.org/10.1145/3664476.3664497},
+      doi = {10.1145/3664476.3664497},
+      booktitle = {Proceedings of the 19th International Conference on Availability, Reliability and Security},
+      articleno = {32},
+      numpages = {14},
+      location = {Vienna, Austria},
+      series = {ARES '24}
+    }
+  </pre>
+  </div>
+    </div>
+    <!--End LLM4GW-->
+
+        <!--Start Credits-->
+        <div class="flex-row">
+          <div class="flex-item flex-item-stretch flex-column">
+			<br /><br />
+            <p class="text text-small text-italic">
+              LLM4GW | <span class="highlight-text">PurS3 Lab</span> at <span class="highlight-text">Purdue University</span> | <span class="highlight-text">PurSec Lab</span> at <span class="highlight-text">Purdue University</span> | <span class="highlight-text">WSPR Lab</span> at <span class="highlight-text">North Carolina State University</span>
+            </p>
+          </div>
+        </div>
+        <!--End Credits-->
+        <!-------------------------------------------------------------------------------------------->
+      </div>
+    </div>
+  </div>
+</body>
+
+</html>

argus.html

@@ -55,10 +55,18 @@ <h2 class="add-top-margin"> Github's Blog </h2>
             <p style="font-size:14pt;">
              GitHub published a <a href="https://github.blog/2023-08-09-four-tips-to-keep-your-github-actions-workflows-secure/" target="_blank">blog post</a> about our findings and also mentioned our tool. We are grateful for the support provided by them throughout our research.
 
+            <h2 class="add-top-margin">Paper</h2>
+            <p style="font-size:14pt;">
+              <a href="https://www.usenix.org/conference/usenixsecurity23/presentation/muralee" target="_blank">Our paper</a> is accepted at USENIX Security '23.
+
             <h2 class="add-top-margin">Code</h2>
             <p style="font-size:14pt;">
               Our tool is opensourced on <a href="https://github.com/purs3lab/ARGUS" target="_blank"> GitHub</a>. Please check out the repository for more details. 
             </p>
+            <h2 class="add-top-margin">PoCs</h2>
+            <p style="font-size:14pt;">
+              We have developed PoCs for some randomly picked vulnerable workflows. The PoCs are currently restricted to induviduals who's identities we can verfiy, to prevent any misuse. If you are interested in obtaining the PoCs, please follow the steps mentioned <a href="dataset.html">here</a>. You can select the PoC option while filling the form. 
+            </p>
             <h2 class="add-top-margin">Bibtex</h2>
 			<pre>
         @inproceedings{muralee2023Argus,
@@ -83,7 +91,7 @@ <h2 class="add-top-margin">Bibtex</h2>
 
         <!-------------------------------------------------------------------------------------------->
         <!--Start Team-->
-		<div class="flex-row">
+		<!-- <div class="flex-row">
           <div class="flex-item flex-column">
             <h2 class="add-top-margin">Team</h2>
 			<hr>
@@ -96,7 +104,7 @@ <h2 class="add-top-margin">Team</h2>
 				<img src="./img/ncsu.png" height = "125" alt="ncsu" align="center" />
 			</div>
 		  </div>
-        </div>	
+        </div>	 -->
         <!--End Team-->
         <!-------------------------------------------------------------------------------------------->
         <!--Start Credits-->

dataset.html

@@ -11,7 +11,7 @@
 
     gtag('config', 'G-EER1LDV4TH');
   </script>
-  <title>ARGUS</title>
+  <title>SecureCI</title>
   <meta charset="utf-8" name="viewport" content="width=device-width, initial-scale=1">
   <link href="https://use.fontawesome.com/releases/v5.2.0/css/all.css" media="screen" rel="stylesheet" type="text/css" />
   <link href="https://ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/themes/base/jquery-ui.css" media="screen" rel="stylesheet" type="text/css" />
@@ -44,17 +44,18 @@
         <!-------------------------------------------------------------------------------------------->
         <div class="flex-row">
           <div class="flex-item flex-column">
-            <h2 class="add-top-margin">Argus Dataset Policy</h2>
+            <h2 class="add-top-margin">Dataset Policy</h2>
             <hr>
             <p style="font-size:14pt;">
-            We are delighted to share the ARGUS dataset and believe it will be a valuable resource for your research. However, to prevent any potential misuse, we kindly request that you fill out a request form to confirm your identity and outline the scope of your research. Once we have verified these details, we will provide you with the download link for the ARGUS dataset.
+            We are delighted to share our datasets and believe they will be valuable resources for your research. However, to prevent any potential misuse, we kindly request that you fill out a request form to confirm your identity and outline the scope of your research. Once we have verified these details, we will provide you with the download link for the datasets.
             </p>
 			<p style="font-size:16pt;"><strong>
 				Request Steps:
 			</strong></p>
 			<p style="font-size:14pt;">
-				<strong>1. Please open the <a href="https://forms.gle/SmzyqhtLNrvvZ8x37" target="_blank">online request form</a> in a browser.</strong><br />
+				<strong>1. Please open the online request form</a> in a browser.</strong><br />
 				Link to ARGUS Dataset Request Form: <a href="https://forms.gle/SmzyqhtLNrvvZ8x37" target="_blank">https://forms.gle/SmzyqhtLNrvvZ8x37</a><br />
+        Link to LLM4GW Dataset Request Form: <a href="https://forms.gle/gyASp6NxMMtNexwh6" target="_blank">hhttps://forms.gle/gyASp6NxMMtNexwh6</a><br />
 				(If you are unable to access the page, please contact us by email.)
 			</p>
 			<p style="font-size:14pt;">
@@ -88,7 +89,7 @@ <h2 class="add-top-margin">Argus Dataset Policy</h2>
             <h2 class="add-top-margin">Disclaimer & Download Agreement</h2>
 			<hr>
 			<p style="font-size:14pt;">
-				To download the ARGUS dataset, you must agree with the items of the succeeding Disclaimer & Download Agreement. You should carefully read the following terms before submitting the ARGUS Dataset request form.
+				To download our datasets, you must agree with the items of the succeeding Disclaimer & Download Agreement. You should carefully read the following terms before submitting the Dataset Request Form.
 			</p>
 			<ul>
 				<li style="font-size:14pt;">ARGUS Dataset is constructed and cross-checked by 2 experts that work in workflow security research. Due to the potential misclassification led by subjective factors, our members cannot guarantee a 100% accuracy for samples in the dataset.</li>
@@ -97,12 +98,12 @@ <h2 class="add-top-margin">Disclaimer & Download Agreement</h2>
 				<br />
 				<li style="font-size:14pt;">The purpose of using the dataset should be non-commercial research and/or personal use. The dataset should not be used for commercial use and any profitable purpose.</li>
 				<br />
-				<li style="font-size:14pt;">The ARGUS dataset should not be re-selled or re-distributed. Anyone who has obtained ARGUS should not share the dataset with others without the permission from our team.</li>
+				<li style="font-size:14pt;">The dataset should not be re-selled or re-distributed. Anyone who has obtained the dataset should not share the dataset with others without the permission from our team.</li>
 			</ul>
 		  </div>
 		</div>
         <!-------------------------------------------------------------------------------------------->
-		<div class="flex-row">
+		<!-- <div class="flex-row">
           <div class="flex-item flex-column">
             <h2 class="add-top-margin">Citation</h2>
 			<hr>
@@ -117,7 +118,7 @@ <h2 class="add-top-margin">Citation</h2>
           year={2023},
         }</pre>
 		  </div>
-		</div>
+		</div> -->
 		<!-------------------------------------------------------------------------------------------->
 
           <div class="flex-row">
@@ -145,7 +146,7 @@ <h2 class="add-top-margin">Dataset Shared With</h2>
           <div class="flex-item flex-item-stretch flex-column">
 			<br />
             <p class="text text-small text-italic">
-				      ARGUS | <span class="highlight-text">PurS3 Lab</span> at <span class="highlight-text">Purdue University</span> | <span class="highlight-text">PurSec Lab</span> at <span class="highlight-text">Purdue University</span> | <span class="highlight-text">WSPR Lab</span> at <span class="highlight-text">North Carolina State University</span>
+				      SecureCI | <span class="highlight-text">PurS3 Lab</span> at <span class="highlight-text">Purdue University</span> | <span class="highlight-text">PurSec Lab</span> at <span class="highlight-text">Purdue University</span> | <span class="highlight-text">WSPR Lab</span> at <span class="highlight-text">North Carolina State University</span>
             </p>
           </div>
         </div>

file/LLM4GW.bib

@@ -0,0 +1,15 @@
+@inproceedings{10.1145/3664476.3664497,
+    author = {Zhang, Xinyu and Muralee, Siddharth and Cherupattamoolayil, Sourag and Machiry, Aravind},
+    title = {On the Effectiveness of Large Language Models for GitHub Workflows},
+    year = {2024},
+    isbn = {9798400717185},
+    publisher = {Association for Computing Machinery},
+    address = {New York, NY, USA},
+    url = {https://doi.org/10.1145/3664476.3664497},
+    doi = {10.1145/3664476.3664497},
+    booktitle = {Proceedings of the 19th International Conference on Availability, Reliability and Security},
+    articleno = {32},
+    numpages = {14},
+    location = {Vienna, Austria},
+    series = {ARES '24}
+}