Brown CS Blog

IvySyn: The First Fully-Automated Framework For Discovering Memory Error Vulnerabilities In Deep Learning Frameworks


    by Neophytos Christou, Brown CS PhD candidate

    Deep Learning (DL) is a rapidly growing field that has found a set of wide-ranging applications across various industries, such as transportation, banking and finance, healthcare, and more. As the use of DL becomes more widespread, DL frameworks, such as TensorFlow and PyTorch, have, in turn, become increasingly popular, and are being used to build models that are applied even in security-critical settings. Thus, with their increasing popularity, the importance of keeping these frameworks secure has become crucial.

    To address this overarching problem, we have designed IvySyn: a fuzz testing framework that aims at automatically uncovering security vulnerabilities in DL codebases. We applied IvySyn in the two most popular DL frameworks: TensorFlow and PyTorch. These frameworks are commonly used through a set of high-level language (usually Python) APIs. However, the essential bits of their underlying DL-specific tasks are implemented in memory- and type-unsafe languages, such as C and C++. The approach of IvySyn is to employ fuzz testing to expose memory safety vulnerabilities in C/C++ code, and ultimately synthesize what we call "Proof of Vulnerability" (PoV) code snippets. These are essentially small code snippets that trigger the respective bugs discovered by IvySyn (in memory- and type-unsafe code) by invoking higher-level (e.g., Python) APIs. IvySyn's PoVs help the framework developers easily identify and fix the root cause of the discovered vulnerabilities.

    IvySyn has discovered a surprisingly large number of vulnerabilities thus far, considering that the two frameworks (i.e., TensorFlow and PyTorch) are being extensively tested for bugs by multiple parties. (For example, TensorFlow is being continuously tested by Google!) More specifically, IvySyn uncovered a total of 61 previously-unknown security vulnerabilities, across the two frameworks, 39 of which were also assigned CVEs (i.e., unique identifiers that help track software vulnerabilities). Despite being an early research prototype, IvySyn has already improved the security posture of popular DL codebases!

    If you are interested in learning more about IvySyn, check our paper that has recently been accepted at USENIX Security 2023: