Python fuzzing for trustworthy machine learning frameworks

Zapiski Nauchnykh Seminarov POMI, Investigations on applied mathematics and informatics. Part II–2, Tome 530 (2023), pp. 38-50

See the article record from the source Math-Net.Ru

Ensuring the security and reliability of machine learning frameworks is crucial for building trustworthy AI-based systems. Fuzzing, a popular technique in the secure software development lifecycle (SSDLC), can be used to develop secure and robust software. Popular machine learning frameworks such as PyTorch and TensorFlow are complex and written in multiple programming languages including C/C++ and Python. We propose a dynamic analysis pipeline for Python projects using the Sydr-Fuzz toolset. Our pipeline includes fuzzing, corpus minimization, crash triaging, and coverage collection. Crash triaging and severity estimation are important steps to ensure that the most critical vulnerabilities are addressed promptly. Furthermore, the proposed pipeline is integrated in GitLab CI. To identify the most vulnerable parts of the machine learning frameworks, we analyze their potential attack surfaces and develop fuzz targets for PyTorch, TensorFlow, and related projects such as h5py. Applying our dynamic analysis pipeline to these targets, we were able to discover 3 new bugs and propose fixes for them.

@article{ZNSL_2023_530_a3,
     author = {I. Yegorov and E. Kobrin and D. Parygina and A. Vishnyakov and A. Fedotov},
     title = {Python fuzzing for trustworthy machine learning frameworks},
     journal = {Zapiski Nauchnykh Seminarov POMI},
     pages = {38--50},
     publisher = {mathdoc},
     volume = {530},
     year = {2023},
     language = {en},
     url = {http://geodesic.mathdoc.fr/item/ZNSL_2023_530_a3/}
}

TY - JOUR
AU - I. Yegorov
AU - E. Kobrin
AU - D. Parygina
AU - A. Vishnyakov
AU - A. Fedotov
TI - Python fuzzing for trustworthy machine learning frameworks
JO - Zapiski Nauchnykh Seminarov POMI
PY - 2023
SP - 38
EP - 50
VL - 530
PB - mathdoc
UR - http://geodesic.mathdoc.fr/item/ZNSL_2023_530_a3/
LA - en
ID - ZNSL_2023_530_a3
ER -

%0 Journal Article
%A I. Yegorov
%A E. Kobrin
%A D. Parygina
%A A. Vishnyakov
%A A. Fedotov
%T Python fuzzing for trustworthy machine learning frameworks
%J Zapiski Nauchnykh Seminarov POMI
%D 2023
%P 38-50
%V 530
%I mathdoc
%U http://geodesic.mathdoc.fr/item/ZNSL_2023_530_a3/
%G en
%F ZNSL_2023_530_a3

I. Yegorov; E. Kobrin; D. Parygina; A. Vishnyakov; A. Fedotov. Python fuzzing for trustworthy machine learning frameworks. Zapiski Nauchnykh Seminarov POMI, Investigations on applied mathematics and informatics. Part II–2, Tome 530 (2023), pp. 38-50. http://geodesic.mathdoc.fr/item/ZNSL_2023_530_a3/