---
title: The Institute for Ethical AI & Machine Learning
description: The Institute for Ethical AI & Machine Learning is a Europe-based research centre that brings together technologists, academics and policy-makers to develop industry frameworks that support the responsible development, design and operation of machine learning systems.
---
<html>
<head>
{% include header.html %}
</head>
<body>
<div id="page-wrapper">
{% include navbar.html %}
<section id="banner" style="font-size: 11pt">
<div class="content" style="text-align: center">
<img class="logo-image" src="images/logos/eml-logo-white.png" alt="" style="max-width: 440px; width: 80%; margin-top: 30px" />
<header>
<h2 style="font-size: 4em; color: #01C3A7; font-weight: bold; text-align: center; line-height: 1.3em; margin-bottom: 20px">The MLSecOps Top 10</h2>
<p style="font-weight: bold; max-width: 850px; font-size: 1.25em">
The <a href="#four">MLSecOps Top 10</a> is an initiative that aims to further the field of machine learning security by identifying the ten most common vulnerabilities in the machine learning lifecycle. The project provides an evaluation of security vulnerabilities analogous to the <a href="https://owasp.org/www-project-top-ten/">"OWASP Top 10 Report"</a>, but with a focus on machine learning security.
</p>
<br>
<p style="font-weight: bold; max-width: 850px; font-size: 1.25em">
The MLSecOps Top 10 also includes a set of practical hands-on examples of each of these vulnerabilities, as well as the best practices to address them - all the content is <a href="https://github.com/EthicalML/fml-security">available open source</a>. If you're interested to learn more or get involved, <a href="/index.html#contact">get in touch</a>.
</p>
</header>
<br>
</div>
<a href="#one" class="goto-next scrolly">Next</a>
</section>
<section id="one" class="spotlight style1 bottom">
<span class="image fit main"><img src="images/dots-vision.jpg" alt="" /></span>
<div class="content">
<header class="major">
<h2>
The MLSecOps Top 10
</h2>
<h3>
Combining cutting-edge research tools with best practices and processes to ensure that machine learning systems are secure and that their vulnerabilities are mitigated. Check out the <a href="#mlsecops-video">resources and video below</a>, which cover MLSecOps from a conceptual and a practical perspective.
<br>
<br>
The MLSecOps Top 10 is <a href="https://github.com/EthicalML/fml-security">open source</a>, and converts the <a href="https://ethical.institute/principles.html">Principles for Responsible Machine Learning</a> into a practical tool + process approach.
</h3>
</header>
</div>
</section>
<section id="four" class="wrapper style1 special fade-up">
<div class="container">
<div class="row 150%">
<div class="4u 12u$(medium)" id="overview">
<!-- Sidebar -->
<section id="sidebar">
<section>
<h3>Contributing to Trusted AI</h3>
<p>We are currently contributing to the <a href="https://lfaidata.foundation/projects/trusted-ai/">Linux Foundation Trusted AI Group</a> as an organisational member of the Machine Learning Security committee, to define cross-functional principles and resources.</p>
<a href="#" class="image fit"><img src="images/xai-computer.png" alt="" /></a>
<h3>Free as in freedom</h3>
<p>The MLSecOps Top 10 is open source and it <a href="https://github.com/EthicalML/fml-security">is available at GitHub</a>.</p>
<h3>Maintained with ♥ by our members</h3>
<p>The codebase is maintained by the <a href="/index.html#network">Ethical AI Network</a>, a global community of technologists and domain experts.</p>
</section>
</section>
</div>
<div class="8u$ 12u$(medium) important(medium)">
<!-- Content -->
<section id="content">
<h3>The MLSecOps Top 10 Vulnerabilities</h3>
<p>The table below lists the top 10 vulnerabilities of the Open Web Application Security Project (OWASP) alongside their MLSecOps equivalents. A hands-on set of examples of each "Flawed Machine Learning" case, together with solutions, is available in <a href="https://github.com/EthicalML/fml-security">the project repository</a>.</p>
<div class="table-wrapper">
<table class="alt">
<thead class="table-head">
<tr>
<td> # </td>
<td> OWASP Vulnerability </td>
<td> MLSecOps Equivalent </td>
</tr>
</thead>
<tbody>
<tr>
<td> 1 </td>
<td> Broken Access Control </td>
<td> Unrestricted Model Endpoints </td>
</tr>
<tr>
<td> 2 </td>
<td> Cryptographic Failures </td>
<td> Access to Model Artifacts </td>
</tr>
<tr>
<td> 3 </td>
<td> Injection </td>
<td> Artifact Exploit Injection </td>
</tr>
<tr>
<td> 4 </td>
<td> Insecure Design </td>
<td> Insecure ML Systems/Pipeline Design </td>
</tr>
<tr>
<td> 5 </td>
<td> Security Misconfigurations </td>
<td> Data & ML Infrastructure Misconfigurations </td>
</tr>
<tr>
<td> 6 </td>
<td> Vulnerable & Outdated Components </td>
<td> Supply Chain Vulnerabilities in ML Code </td>
</tr>
<tr>
<td> 7 </td>
<td> Identification & Authentication Failures </td>
<td> IAM & RBAC Failures for ML Services </td>
</tr>
<tr>
<td> 8 </td>
<td> Software and Data Integrity Failures </td>
<td> ML Infra / ETL / CI / CD Integrity Failures </td>
</tr>
<tr>
<td> 9 </td>
<td> Security Logging and Monitoring Failures </td>
<td> Observability, Reproducibility & Lineage </td>
</tr>
<tr>
<td> 10 </td>
<td> Server-side Request Forgery </td>
<td> ML Server-Side Request Forgery </td>
</tr>
</table>
</div>
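<p>Row 3 of the table, Artifact Exploit Injection, is the case where a serialised model file carries code that runs when the file is loaded. The Python below is an added example written for this page; it is not code from the MLSecOps Top 10 project or the fml-security repository. It constructs a hostile pickle artifact whose load step calls <code>eval</code>, a benign artifact made of plain containers plus <code>collections.OrderedDict</code>, a static scan that lists the globals a pickle stream would import without executing it, and a restricted unpickler that only resolves an allowlist of globals. The class and function names, the toy model contents and the allowlist are assumptions made for the example.</p>

```python
"""Added example for MLSecOps Top 10 #3, Artifact Exploit Injection.

Not code from the fml-security repository; all names and data are constructed.
"""
import io
import pickle
import pickletools
from collections import OrderedDict


class MaliciousModel:
    """Constructed hostile artifact: unpickling it calls eval() on attacker code.

    eval lives in 'builtins', so the resulting stream looks the same on every OS.
    """

    def __reduce__(self):
        return (eval, ("__import__('os').system('echo pwned')",))


def build_malicious_artifact() -> bytes:
    return pickle.dumps(MaliciousModel())


def benign_model() -> dict:
    # Stand-in for a trained model: plain containers plus one stdlib class.
    return {"weights": [0.1, 0.2], "bias": 0.5, "meta": OrderedDict(name="demo")}


def build_benign_artifact() -> bytes:
    return pickle.dumps(benign_model())


# Opcodes whose argument the unpickler pushes on the stack as a string.
_STRING_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING",
               "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}


def find_globals(data: bytes) -> list:
    """Static triage: list the (module, name) pairs the stream would import.

    pickletools.genops parses opcodes without executing any of them.
    Simplifying assumption: for STACK_GLOBAL (protocol 4+) the module and
    name are the two most recently pushed strings; a stream that fetches them
    from the memo (BINGET) instead would need a full stack simulation.
    """
    found, strings = [], []
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name == "GLOBAL":            # protocol 0-3: arg is "module name"
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif opcode.name == "STACK_GLOBAL":    # protocol 4+: operands come from the stack
            if len(strings) >= 2:
                found.append((strings[-2], strings[-1]))
        elif opcode.name in _STRING_OPS:
            strings.append(arg)
    return found


# Hypothetical allowlist for this toy model format. A real allowlist is derived
# from what the serving code legitimately needs to deserialise, and nothing else.
SAFE_GLOBALS = {("collections", "OrderedDict")}


class RestrictedUnpickler(pickle.Unpickler):
    """Runtime control: refuse to resolve any global that is not on the allowlist."""

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"forbidden global {module}.{name}")


def load_artifact(data: bytes):
    """Load a model artifact under the allowlist; raises on anything else."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def restricted_load_ok(data: bytes) -> bool:
    """True if the artifact loads under the allowlist, False if it was rejected."""
    try:
        load_artifact(data)
        return True
    except pickle.UnpicklingError:
        return False


if __name__ == "__main__":
    for label, blob in (("benign", build_benign_artifact()),
                        ("malicious", build_malicious_artifact())):
        print(label, "globals:", find_globals(blob),
              "restricted load ok:", restricted_load_ok(blob))
    # A plain pickle.loads(build_malicious_artifact()) would run the shell command.
```

<p>The scan is a triage aid for artifacts arriving from a registry or a third party, not a security boundary: the allowlisting unpickler is the control that actually stops the payload, and a format that does not embed executable objects at all removes the problem at the source.</p>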
<p>If you are curious to learn more about the OWASP Top 10, you can check out <a href="https://owasp.org/www-project-top-ten/">the official report website.</a> Below you can see a preview of the 2017 report compared with the 2021 highlights.</p>
<img src="images/owasp.png" style="width: 100%">
<br><br>
<h3 id="mlsecops-video">Check out our hands-on case study, which introduces the MLSecOps Top 10 vulnerabilities through examples of "Flawed Machine Learning" and then presents best practices and tools that can be used to address these machine learning security considerations. <a href="https://www.youtube.com/watch?v=7XSy5aw8oU8">Watch the technical video below.</a></h3>
<p style="width: 80%; margin: auto"><a href="https://www.youtube.com/watch?v=sCOmXwFEVpI" rel="nofollow"><img src="images/security.jpg" style="max-width:100%;"></a></p>
<hr/>
</section>
</div>
</section>
</div>
</div>
</div>
</section>
<section id="five" class="wrapper style1 special fade-up">
</section>
{% include apply-form.html %}
{% include footer.html %}
</body>
</html>