We present IvySyn, the first fully-automated framework for discovering memory error vulnerabilities in Deep Learning (DL) frameworks. IvySyn leverages the statically-typed nature of native APIs in order to automatically perform type-aware mutation-based fuzzing on low-level kernel code. Given a set of offending inputs that trigger memory safety (and runtime) errors in low-level, native DL (C/C++) code, IvySyn automatically synthesizes code snippets in high-level languages (e.g., in Python), which propagate error-triggering input via high(er)-level APIs. Such code snippets essentially act as "Proof of Vulnerability", as they demonstrate the existence of bugs in native code that an attacker can target through various high-level APIs. Our evaluation shows that IvySyn significantly outperforms past approaches, both in terms of efficiency and effectiveness, in finding vulnerabilities in popular DL frameworks. Specifically, we used IvySyn to test TensorFlow and PyTorch. Although still an early prototype, IvySyn has already helped the TensorFlow and PyTorch framework developers to identify and fix 61 previously-unknown security vulnerabilities, and assign 39 unique CVEs.
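A toy illustration of the two steps the abstract describes, type-aware mutation of a native kernel's arguments followed by synthesis of a high-level snippet that forwards the offending input; this is an added example, not IvySyn's code. The kernel `toy_gather_kernel`, the `MemoryFault` exception (standing in for a sanitizer report), the value pools and the `toyframework` module name in the emitted snippet are all constructed assumptions.

```python
import itertools

class MemoryFault(Exception):
    """Stands in for a crash or sanitizer report from native code."""

# Constructed toy kernel: reads buf[index] the way unchecked C/C++ would.
# The explicit range test models what a memory sanitizer would flag.
def toy_gather_kernel(buf, index, scale):
    if not 0 <= index < len(buf):
        raise MemoryFault(f"out-of-bounds read at index {index}")
    return buf[index] * scale

# Static signature of the kernel: argument name -> declared type.
SIGNATURE = {"buf": "int_tensor", "index": "int32", "scale": "float"}

# Type-aware pools: every candidate is well-typed for its argument, so it
# passes type checks and reaches the kernel body instead of being rejected.
POOLS = {
    "int_tensor": [[], [0], [1, 2, 3]],
    "int32": [0, 1, -1, 2**31 - 1, -2**31],
    "float": [0.0, -1.0, 1e38],
}

def fuzz(kernel, signature):
    """Run every combination of type-appropriate values; collect faults."""
    names = list(signature)
    offending = []
    for combo in itertools.product(*(POOLS[signature[n]] for n in names)):
        args = dict(zip(names, combo))
        try:
            kernel(**args)
        except MemoryFault as fault:
            offending.append((args, str(fault)))
    return offending

def synthesize(api_name, args):
    """Emit a high-level snippet that forwards the offending input.
    'toyframework' is a hypothetical module name, not a real package."""
    call = ", ".join(f"{k}={v!r}" for k, v in args.items())
    return f"import toyframework as tf\ntf.{api_name}({call})\n"

if __name__ == "__main__":
    faults = fuzz(toy_gather_kernel, SIGNATURE)
    print(f"{len(faults)} offending inputs; first reproducer:")
    print(synthesize("gather", faults[0][0]))
```

The emitted snippet is the regression test a maintainer would keep: once the kernel validates `index` against the buffer length, the same call should raise a clean error instead of faulting.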