Five Major Loopholes in TensorFlow Security

There are important loopholes in TensorFlow security that you must know.

By Rinu Gour · Jan. 07, 19 · Presentation
TensorFlow Models as Programs

TensorFlow has its own runtime system that interprets and executes its programs. A TensorFlow program is encoded as a computation graph, with the learned parameters stored separately as checkpoints.

At runtime, TensorFlow executes the computation graph with the parameters it is given, and the graph's behavior can change depending on those parameters. TensorFlow is not a sandbox. While executing, a graph may read and write files or send and receive data over the network, and every such action runs with the full permissions of the TensorFlow process. This is what makes TensorFlow a powerful machine learning platform, but it also has consequences for security.

TensorFlow models are therefore programs in every sense that matters, and they need to be treated as such from a security perspective.

Running Untrusted Models 

The general rule is that an untrusted model should only ever be executed inside a sandbox. There are several ways a model can be untrusted. The clearest case is when an untrusted party supplies the Python code that builds the TensorFlow graph: that code runs in your process and can do anything the process can do.

Even if the untrusted party supplies only the serialized computation graph, TensorFlow's primitives (file-system and network operations, and ops such as tf.py_func that call back into Python) are powerful enough to execute arbitrary code, so the graph should still be run in a sandbox.

Whether a user-supplied checkpoint is safe depends on the computation graph it feeds. If the graph's behavior depends on parameter values (for example, a file path taken from a tensor), a malicious checkpoint can steer an otherwise benign graph into unusual and unsafe behavior.
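The scanner below is an added example (not from the original article, and not part of TensorFlow) that makes the "a model is a program" point concrete. It walks a text-format GraphDef (the .pbtxt form of a serialized graph) and lists every op that can run Python, touch the filesystem, or read or write checkpoints, including ops hidden inside the graph's function library, so an untrusted model can be screened before anything loads it. The op type names are real TensorFlow op types; the choice of which ops to flag, the sample graph, and the function names are this example's own assumptions.

```python
import re

# Real TensorFlow op types that give a serialized graph the power to run code,
# read or write files, or touch checkpoints. Which ops to flag is this
# example's own choice (an assumption); extend it for your deployment.
DANGEROUS_OPS = {
    "PyFunc": "runs arbitrary Python inside the loading process",
    "PyFuncStateless": "runs arbitrary Python inside the loading process",
    "EagerPyFunc": "runs arbitrary Python inside the loading process",
    "ReadFile": "reads any file the process can read",
    "WriteFile": "writes any file the process can write",
    "MatchingFiles": "enumerates the filesystem",
    "SaveV2": "writes checkpoint files to a path taken from a tensor",
    "RestoreV2": "reads checkpoint files from a path taken from a tensor",
}

_NAME_RE = re.compile(r'^\s*name:\s*"([^"]*)"')
_OP_RE = re.compile(r'^\s*op:\s*"([^"]*)"')


def scan_graphdef_text(pbtxt):
    """Return [(node_name, op_type, reason)] for each dangerous op in a
    text-format GraphDef.

    This is a line-oriented heuristic, not a full protobuf text parser, but
    every executable op appears as an `op: "..."` line, whether it sits in a
    top-level `node {}` or in a `node_def {}` inside `library { function {} }`,
    so nothing the graph can execute is skipped.
    """
    findings = []
    current_name = "<unnamed>"
    for line in pbtxt.splitlines():
        m = _NAME_RE.match(line)
        if m:
            current_name = m.group(1)   # name: precedes op: in every node
            continue
        m = _OP_RE.match(line)
        if m and m.group(1) in DANGEROUS_OPS:
            findings.append((current_name, m.group(1), DANGEROUS_OPS[m.group(1)]))
    return findings


def is_safe_to_load(pbtxt):
    """True only if no flagged op is present: a prerequisite for loading,
    never a substitute for running the model in a sandbox."""
    return not scan_graphdef_text(pbtxt)


# Constructed sample: a benign classifier with two planted back doors, one as
# a top-level node and one hidden inside a function definition.
SAMPLE_GRAPH = """\
node {
  name: "input"
  op: "Placeholder"
  attr { key: "dtype" value { type: DT_FLOAT } }
}
node {
  name: "weights"
  op: "Const"
}
node {
  name: "logits"
  op: "MatMul"
  input: "input"
  input: "weights"
}
node {
  name: "exfil"
  op: "PyFunc"
  input: "logits"
  attr { key: "token" value { s: "pyfunc_0" } }
}
library {
  function {
    signature { name: "helper" }
    node_def {
      name: "dump"
      op: "WriteFile"
    }
  }
}
"""

if __name__ == "__main__":
    for name, op, why in scan_graphdef_text(SAMPLE_GRAPH):
        print(f"REFUSE: node {name!r} uses {op}: {why}")
```

Treat a clean scan as necessary rather than sufficient: an op allowlist catches graphs that openly call back into Python or the filesystem, but it says nothing about bugs inside the ops that remain, which is exactly why the sandbox is still required.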

Accepting Untrusted Input

It is also possible to write models that are secure in the sense that they can safely process untrusted inputs, assuming there are no bugs in TensorFlow itself.

A useful way to think about a TensorFlow graph is as a program in an interpreted language such as Python. It is possible to write Python code that can safely be exposed to untrusted input, but it is just as easy to write Python code that is unsafe. And a bug in the Python interpreter, or in a library the code uses, can compromise even carefully written Python code. The same holds for a TensorFlow graph and the TensorFlow runtime beneath it.
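The validator below is an added example (not from the original article or from TensorFlow) of what "safely process untrusted inputs" means in practice: before an input tensor is fed to the graph, its rank, dimensions, element count, element types and value range are checked against a declared signature, and ragged or absurdly deep nesting is refused rather than passed on to the runtime. The input signature INPUT_SPEC, the element cap, the nested-list representation of a tensor and the function names are assumptions made for this illustration.

```python
import math


class UntrustedInputError(ValueError):
    """Raised when an input fails validation before it reaches the graph."""


# Hypothetical declared signature of an image classifier (an assumption for
# this example): unbounded batch (None), 32x32 RGB, float pixels in [0, 1].
INPUT_SPEC = {"shape": (None, 32, 32, 3), "range": (0.0, 1.0)}
MAX_ELEMENTS = 1_000_000   # cap so one request cannot exhaust memory or time


def _shape_of(value, max_rank, depth=0):
    """Shape of a nested list, rejecting ragged or over-nested inputs."""
    if not isinstance(value, list):
        return ()
    if depth >= max_rank:
        raise UntrustedInputError("nested deeper than the declared rank")
    if not value:
        raise UntrustedInputError("empty dimension")
    inner = _shape_of(value[0], max_rank, depth + 1)
    for item in value[1:]:
        if _shape_of(item, max_rank, depth + 1) != inner:
            raise UntrustedInputError("ragged input")
    return (len(value),) + inner


def _elements(value):
    """Iterate leaf values without recursion (depth is already bounded)."""
    stack = [value]
    while stack:
        v = stack.pop()
        if isinstance(v, list):
            stack.extend(v)
        else:
            yield v


def validate_input(value, spec=INPUT_SPEC, max_elements=MAX_ELEMENTS):
    """Return the input's shape if it satisfies spec, else raise
    UntrustedInputError. Call this before feeding the tensor to the graph."""
    expected = spec["shape"]
    shape = _shape_of(value, max_rank=len(expected))
    if len(shape) != len(expected):
        raise UntrustedInputError(f"rank {len(shape)}, expected {len(expected)}")
    for got, want in zip(shape, expected):
        if want is not None and got != want:
            raise UntrustedInputError(f"shape {shape}, expected {expected}")
    if math.prod(shape) > max_elements:
        raise UntrustedInputError("input too large")
    lo, hi = spec["range"]
    for x in _elements(value):
        # bool is a subclass of int in Python, so exclude it explicitly
        if isinstance(x, bool) or not isinstance(x, (int, float)):
            raise UntrustedInputError(f"non-numeric element {x!r}")
        if not math.isfinite(x) or not lo <= x <= hi:
            raise UntrustedInputError(f"element {x!r} outside [{lo}, {hi}]")
    return shape


def input_problem(value, spec=INPUT_SPEC, max_elements=MAX_ELEMENTS):
    """None if the input is acceptable, otherwise the reason it was refused."""
    try:
        validate_input(value, spec, max_elements)
    except UntrustedInputError as e:
        return str(e)
    return None


def sample_batch(batch=2, fill=0.5):
    """Constructed well-formed input matching INPUT_SPEC."""
    return [[[[fill] * 3 for _ in range(32)] for _ in range(32)]
            for _ in range(batch)]


if __name__ == "__main__":
    print(validate_input(sample_batch()))                  # (2, 32, 32, 3)
    print(input_problem(sample_batch(fill=float("nan"))))  # refused: NaN
```

The checks run on the deserialized Python value, so a size limit on the request body itself still belongs at the transport layer; what this layer guarantees is that nothing reaching the graph has a shape, type or value the model was never specified to handle.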

Vulnerabilities in TensorFlow

TensorFlow is a large, complex system that depends on many third-party libraries. It is therefore possible for TensorFlow, or one of those libraries, to contain bugs that specially crafted inputs can trigger into unexpected behavior.

A TensorFlow model can perform arbitrary computation, including reading and writing files and communicating over the network, so the question is not whether an op has side effects but whether it does what its specification says. Behavior outside the specification is a vulnerability. For instance, TensorFlow's file-writing ops writing files is expected behavior, but a MatMul that lets a crafted input trigger execution of arbitrary binary code is a vulnerability.

Reporting a Vulnerability

Security issues in TensorFlow can be reported directly to the TensorFlow security team by email. The team acknowledges reports within 24 hours and provides a more detailed response within a week, including the next steps it intends to take.

Conclusion: TensorFlow Security

In this TensorFlow security tutorial, you learned why a TensorFlow model must be treated as a program, how a vulnerability can cause TensorFlow to behave unexpectedly, how to handle untrusted models and untrusted inputs, and how to report issues to the TensorFlow team. Those were the five major issues in the security of TensorFlow. If you have any doubts regarding TensorFlow security, feel free to ask in the comment section.

Published at DZone with permission of Rinu Gour. See the original article here.
