Automated Code Annotation with LLMs for Establishing TEE Boundaries
Varun Gadey
Network and Distributed System Security (NDSS) Symposium 2026 · Day 1 · Trusted Execution
Deciding which code should run inside a **Trusted Execution Environment (TEE)** versus untrusted space is a critical security decision that has traditionally required manual analysis, a process that is time-consuming and error-prone and does not scale to large codebases. This talk presents an automated tool that uses **fine-tuned large language models** to predict, line by line, which code is security-sensitive and should be placed within TEE boundaries, achieving **97% precision and recall** at the line level and **zero false positives and false negatives** at the function level.
AI review
An LLM-based tool for automatically identifying security-sensitive code around cryptographic operations to establish TEE boundaries. The 97% accuracy numbers look good, but the scope is narrow (only cryptography-adjacent code), the dataset is small, and there's no offensive security content. This is ML engineering applied to a systems security problem.