RUS  ENG
Full version
JOURNALS // Zapiski Nauchnykh Seminarov POMI // Archive

Zap. Nauchn. Sem. POMI, 2023 Volume 530, Pages 38–50 (Mi znsl7431)

Python fuzzing for trustworthy machine learning frameworks

I. Yegorovab, E. Kobrinba, D. Paryginaab, A. Vishnyakovba, A. Fedotovab

a Ivannikov Institute for System Programming of the RAS
b Lomonosov Moscow State University

Abstract: Ensuring the security and reliability of machine learning frameworks is crucial for building trustworthy AI-based systems. Fuzzing, a popular technique in the secure software development lifecycle (SSDLC), can be used to develop secure and robust software. Popular machine learning frameworks such as PyTorch and TensorFlow are complex and written in multiple programming languages including C/C++ and Python. We propose a dynamic analysis pipeline for Python projects using the Sydr-Fuzz toolset. Our pipeline includes fuzzing, corpus minimization, crash triaging, and coverage collection. Crash triaging and severity estimation are important steps to ensure that the most critical vulnerabilities are addressed promptly. Furthermore, the proposed pipeline is integrated in GitLab CI. To identify the most vulnerable parts of the machine learning frameworks, we analyze their potential attack surfaces and develop fuzz targets for PyTorch, TensorFlow, and related projects such as h5py. Applying our dynamic analysis pipeline to these targets, we were able to discover 3 new bugs and propose fixes for them.

Key words and phrases: fuzzing, trustworthy AI, machine learning framework, TensorFlow, PyTorch, Python, artificial intelligence, crash triage, dynamic analysis, secure software development lifecycle, SSDLC, computer security.

UDC: 004.852

Received: 06.09.2023

Language: English



© Steklov Math. Inst. of RAS, 2024