Internetware 2025
Fri 20 - Sun 22 June 2025 Trondheim, Norway
co-located with FSE 2025

TensorFlow is a widely adopted deep learning (DL) framework, so its vulnerabilities have the potential to affect a substantial number of DL applications throughout the software supply chain (SSC). However, existing research lacks a comprehensive exploration of the characterization of TensorFlow vulnerabilities and of their propagation through the SSC. To help TensorFlow-based developers and security specialists understand the security risks, we conduct an empirical study of 429 TensorFlow vulnerabilities across a TensorFlow-based vulnerability SSC comprising 5790 versions across 691 affected packages, constructed through the GitHub dependency graph. We observe that: 1) A predominant share (79.6%) of vulnerabilities occur in TensorFlow’s Core modules (e.g., kernels and ops), featuring prevalent vulnerabilities such as Reachable Assertion, Out-of-bounds Read, Improper Input Validation, and NULL Pointer Dereference. Notably, Divide By Zero vulnerabilities pose significant risks in the Lite module; 2) Vulnerability co-occurrence is observed in 20 pairs involving 50 vulnerabilities, with Heap-based Buffer Overflow vulnerabilities particularly likely to coexist with other types of vulnerabilities; 3) Packages within the Large Language Models (LLM) domain, often distributed across the third and fourth layers of the SSC, are vulnerable to TensorFlow’s security issues; 4) Many commonly used APIs (i.e., tf.constant, tf.concat, and tf.range) are implicated in TensorFlow vulnerabilities, affecting over half of all packages and, by extension, a significant portion of software within the SSC. Our findings suggest that: i) TensorFlow developers would do well to apply input validation, bounds checking, and assertion and exception handling before performing tensor operations, division operations, and pointer accesses, to avoid Reachable Assertion, Divide By Zero, and memory-related vulnerabilities; ii) TensorFlow developers would do well to check for memory-related vulnerabilities when they encounter a vulnerability stemming from improper input validation; iii) TensorFlow-based developers would do well to be aware of widely used APIs that are affected by vulnerabilities, such as tf.constant, tf.range, tf.concat, and tf.reshape.

Sat 21 Jun

Displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna

14:00 - 15:30
Session8: Software Vulnerability and Security III
Research Track / New Idea Track / Tool Demonstration Track at Cosmos 3C
Chair(s): Lingfeng Bao Zhejiang University
14:00
15m
Talk
VDLS: A Vulnerability Detection Approach Based on Execution Path Selection
Research Track
Xuanyan Zhu Nanjing University of Aeronautics and Astronautics, Jingxuan Zhang Nanjing University of Aeronautics and Astronautics, Yixuan Tang Nanjing University of Aeronautics and Astronautics, Weiqin Zou Nanjing University of Aeronautics and Astronautics, Jiayi Li Nanjing University of Aeronautics and Astronautics, Han Luo Nanjing University of Aeronautics and Astronautics, Jiaqi Liu National Key Laboratory on Test Physics & Numerical Mathematics
14:15
15m
Talk
Exploring Typo Squatting Threats in the Hugging Face Ecosystem
Research Track
Ningyuan Li Beijing University of Technology, Yanjie Zhao Huazhong University of Science and Technology, Shenao Wang Huazhong University of Science and Technology, Zehao Wu Huazhong University of Science and Technology, Haoyu Wang Huazhong University of Science and Technology
14:30
15m
Talk
Unraveling the Characterization and Propagation of Security Vulnerabilities in TensorFlow-based Deep Learning Software Supply Chain
Research Track
Yiren Zhou Nanjing University of Aeronautics and Astronautics, Lina Gong Nanjing University of Aeronautics and Astronautics, Tiantian Ma Nanjing University of Aeronautics and Astronautics
File Attached
14:45
15m
Talk
Seeing is (Not) Believing: The Mirage Card Attack Targeting Online Social Networks
Research Track
Wangchenlu Huang Beijing University of Posts and Telecommunications, Shenao Wang Huazhong University of Science and Technology, Yanjie Zhao Huazhong University of Science and Technology, Tianxiang Wang China United Network Communications Group Corporation Limited, Yuhao Gao China United Network Communications Group Corporation Limited, Guosheng Xu Beijing University of Posts and Telecommunications, Haoyu Wang Huazhong University of Science and Technology
15:00
10m
Talk
ETrace: Event-Driven Vulnerability Detection in Smart Contracts via LLM-Based Trace Analysis
New Idea Track
Chenyang Peng Xi'an Jiaotong University, Haijun Wang Xi'an Jiaotong University, Yin Wu Xi'an Jiaotong University, Hao Wu Xi'an Jiaotong University, Ming Fan Xi'an Jiaotong University, Yitao Zhao Yunnan Power Grid Co., Ltd, Ting Liu Xi'an Jiaotong University
Pre-print
15:10
10m
Talk
A Natural Language Guided Adaptive Model-based Testing Tool for Autonomous Driving
Tool Demonstration Track
Man Zhang Beihang University, China, Shi Yize Nanjing University of Aeronautics and Astronautics, Tao Yue Beihang University
15:20
10m
Talk
Software Reuse in the Generative AI Era: From Cargo Cult Towards Systematic Practices
Best New Idea Paper Award
New Idea Track
Tommi Mikkonen University of Jyväskylä, Antero Taivalsaari Nokia Technologies

Information for Participants
Sat 21 Jun 2025 14:00 - 15:30 at Cosmos 3C - Session8: Software Vulnerability and Security III Chair(s): Lingfeng Bao
Info for room Cosmos 3C:

Cosmos 3C is the third room in the Cosmos 3 wing.

When facing the main Cosmos Hall, access to the Cosmos 3 wing is on the left, close to the stairs. The area is accessed through a large door with the number “3”, which will stay open during the event.