TensorFlow Security – 5 Major Loopholes in TensorFlow

In our previous TensorFlow tutorial, we have seen Convolutional Neural Network using TensorFlow. In this TensorFlow Security article, you will be looking at how to deal with the untrusted malicious programs (models) and the input data.

Further, you will be getting to know vulnerabilities of TensorFlow and how to report a vulnerability. Moreover, Security of TensorFlow includes major issues such as TensorFlow Models as programs, how to run untrusted models and accepting the untrusted input.

So, let’s begin TensorFlow Security.

TensorFlow Models as Programs

TensorFlow has its own runtime system which interprets and executes its programs. The programs in TensorFlow are encoded as the computation graphs and stores the parameters separately as checkpoints.

During the runtime, TensorFlow executes computation graph with the parameters given. The behavior of the graph may change depending upon the change in parameters. TensorFlow is not a sandbox in itself. While executing, TensorFlow may read and write files or send and receive the data over the network.

All of these tasks performed are done with the permission of the TensorFlow process. These things make TensorFlow a strong machine learning platform but it has its own effects on security.

The TensorFlow models are same as programs and therefore need to be taken as such from TensorFlow Security perspective.

Running Untrusted Models 

There is a general saying that an untrusted model should first execute inside a sandbox. There are many possibilities for a model to become untrusted for instance if some untrusted party provides TensorFlow kernel or provides Python code required for TensorFlow graphs.

Even if an untrusted party provides computation graph there are primitives available in TensorFlow which are powerful enough to prevent and execute the arbitrary code. But it is good to use sandboxes for the same.

TensoFlow Security is determined by the computational graph whether user provided checkpoint is safe or not. Generally creating a computational graph with malicious checkpoints can trigger unusual and unsafe behaviour.

Accepting the Untrusted Input

One can design models that are secure by providing the models with the ability to safely process the untrusted inputs assuming that they do not have any bugs.

A great way to analyze how any TensorFlow graph works, an interpreted programming language such as Python. One can write a safe Python code which can easily expose to the user given inputs but it is easy to write un-secure Python programs.

By having a bug in Python interpreter or a bug in the user library can cause a damage to secure Python code.

Vulnerabilities in TensorFlow

TensorFlow is a very big complex system which depends on several third-party libraries for its use. Therefore, it is possible for TensorFlow or its libraries to contain vulnerabilities which might trigger unexpected behaviours by providing specific inputs.

TensorFlow model can perform arbitrary computations which can read or write files or can communicate over a network. If the model performs other than these specifications then that behaviour can cause vulnerability.

For instance, considering the FileWriter in TensorFlow writing files is a usual behaviour but MatMul allowing random binary code execution is a vulnerability.

Reporting a Vulnerability

Now, we will see how to report the vulnerabilities in TensorFlow. We can directly send the reports about any security issues to [email protected].

The report to this email is delivered to the security team at TensorFlow. The emails acknowledge within 24 hours and provide a detailed response within a week along with the next steps.

So, this was all about TensorFlow Security. Hope you like our explanation.

Conclusion: TensorFlow Security

Hence, in this TensorFlow Security tutorial, you got to know about the security issues in TensorFlow and how vulnerability can cause TensorFlow to behave unexpectedly. Further, you also studied how to deal with untrusted malicious programs and report these to TensorFlow team.

At last, we discussed 5 major issues in the security of TensorFlow. Furthermore, if you have any doubt regarding TensorFlow Security, feel free to ask through the comment section.