Security Analysis of Code Bloat in Machine Learning Systems
dc.contributor.author | Ahmed, Fahmi Abdulqadir | |
dc.contributor.author | Fatih, Dyako | |
dc.contributor.department | Chalmers tekniska högskola / Institutionen för data och informationsteknik | sv |
dc.contributor.examiner | Leitner, Philipp | |
dc.contributor.supervisor | Hassan, Ahmed Ali-Eldin | |
dc.date.accessioned | 2022-07-07T11:57:30Z | |
dc.date.available | 2022-07-07T11:57:30Z | |
dc.date.issued | 2022 | sv |
dc.date.submitted | 2020 | |
dc.description.abstract | Code bloat is a significant issue in modern software systems as they continue to increase in size and complexity. Furthermore, with the widespread adoption of containerized applications, there is an abundance of unneeded packages that suffer from a wide range of vulnerabilities. In this thesis, we analyze the prevalence of security vulnerabilities in containers used for Machine Learning (ML) systems. We consider two popular ML frameworks, namely, PyTorch and TensorFlow. Making use of container scanning tools, we observed over 100 Common Vulnerabilities and Exposures (CVE) in the tested containers. Our experiments show that debloating using Cimplifier leads to a reduction in the image sizes of up to 49% and a reduction of vulnerabilities of at least 87%. The majority of the removed CVEs can be attributed to the removal of bloat specific to redundant parts of the containers’ installed OS packages. A smaller portion of the CVEs detected in the Python packages were removed by Cimplifier. | sv |
dc.identifier.coursecode | DATX05 | sv |
dc.identifier.uri | https://hdl.handle.net/20.500.12380/305124 | |
dc.language.iso | eng | sv |
dc.setspec.uppsok | Technology | |
dc.subject | Security | sv |
dc.subject | Debloating | sv |
dc.subject | Vulnerability Scanning | sv |
dc.subject | Machine Learning Systems | sv |
dc.subject | Containers | sv |
dc.subject | Docker | sv |
dc.title | Security Analysis of Code Bloat in Machine Learning Systems | sv |
dc.type.degree | Examensarbete för masterexamen | sv |
dc.type.uppsok | H |
Ladda ner
Original bundle
1 - 1 av 1
Hämtar...
- Namn:
- CSE 22-32 Ahmed Faith.pdf
- Storlek:
- 1.64 MB
- Format:
- Adobe Portable Document Format
- Beskrivning:
- Master’s thesis in Computer science and engineering
License bundle
1 - 1 av 1
Hämtar...
- Namn:
- license.txt
- Storlek:
- 1.51 KB
- Format:
- Item-specific license agreed upon to submission
- Beskrivning: