From e0abb90b666b51c345070a180de4a6c0aab41c8d Mon Sep 17 00:00:00 2001 From: Vigi Zhang Date: Thu, 14 Apr 2022 12:06:45 +0800 Subject: [PATCH] add security policy (#41749) --- SECURITY.md | 58 +++++++++++++++++++++++++++++++++++++++++++ SECURITY_cn.md | 44 ++++++++++++++++++++++++++++++++ security/README.md | 12 +++++++++ security/README_cn.md | 12 +++++++++ 4 files changed, 126 insertions(+) create mode 100644 SECURITY.md create mode 100644 SECURITY_cn.md create mode 100644 security/README.md create mode 100644 security/README_cn.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000000..490c804e9de --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,58 @@ +# Using PaddlePaddle Securely + +This document describes model security and code security in PaddlePaddle. It also provides guidelines on how to report vulnerabilities in PaddlePaddle. + +## PaddlePaddle Model Security + +PaddlePaddle attaches great importance to security and privacy of model. This includes how to prevent the model from outputting wrong decision results under the interference when it is used in security-related and safety-critical scenarios, and how to avoid leaking data and privacy information from the model itself, the model gradient or the model inference results. + + + +[PaddleSleeve](https://github.com/PaddlePaddle/PaddleSleeve) provides a series of security and privacy tools, which can help model developers and users systematically evaluate and improve the model security and privacy in both development and deployment stages. + + + +These tools include adversarial example evaluation test, pseudo-natural environment robustness evaluation test, model reversing evaluation test, member inference evaluation test, sample denoising, adversarial training, privacy enhancement optimizer, etc. + +## PaddlePaddle Code Security + +PaddlePaddle always take code security seriously. However, due to the complexity of the framework and its dependence on other thirdparty open source libraries, there may still be some security issues undetected. Therefore, we hope that more security researchers and PaddlePaddle developers can participate in the code security program. We encourage responsible disclosure of security issues, as well as contributing code to improve our vulnerability finding tools to make PaddlePaddle safer. + +### Code security tools + +PaddlePaddle security team attaches great importance to the security of the framework. In order to find and fix security issues as soon as possible, we are continuously conducting code security audit and developing automatic vunerability discovery tools. We have already open sourced some of them to the community, hoping this could encourage people to contribute and improve the safety and robustness of PaddlePaddle. [This tool](https://github.com/PaddlePaddle/PaddleSleeve/tree/main/CodeSecurity) includes two parts. The dynamic part includes some op fuzzer samples. And the static part includes some CodeQL samples. Both of them are aim to find vulnerabilities in PaddlePaddle framework codebase. By referring the samples, security researchers can write their own fuzzers or QLs to test more PaddlePaddle modules, and find more code security issues. + +### Reporting vulnerabilities + +We encourage responsible disclosure of security issues to PaddlePaddle and please email reports about any security issues you find to security@paddlepaddle.org. + + + +After the security team receives your email, they will communicate with you in time. The security team will work to keep you informed of an issue fix. + + + +In order to reproduce and identify the issue, please include the following information along with your email: + +- The details of the vulnerability including how to reproduce it. Try to attach a PoC. +- The attack scenario and what an attacker might be able to achieve with this issue. +- Whether this vulnerability has been made public. If it is, please attach details. +- Your name and affiliation. + +We will indicate the bug fix in the release of PaddlePaddle, and publish the vulnerability detail and the reporter in the security advisories (Your name will not be published if you choose to remain anonymous). + +### What is a vulnerability? + +In the process of computation graphs in PaddlePaddle, models can perform arbitrary computations , including reading and writing files, communicating with the network, etc. It may cause memory exhaustion, deadlock, etc., which will lead to unexpected behavior of PaddlePaddle. We consider these behavior to be security vulnerabilities only if they are out of the intention of the operation involved. + + + +Some unexpected parameters and behaviors have been checked in PaddlePaddle by throwing exceptions in Python or return error states in C++. In these cases, denial of service is still possible, but the exit of the PaddlePaddle is clean. Since the error handling of PaddlePaddle is expected and correct, these cases are not security vulnerabilities. + + + +If malicious input can trigger memory corruption or non-clean exit, such bug is considered a security problem. + + + +[security advisories](https://github.com/PaddlePaddle/Paddle/security/README.md) diff --git a/SECURITY_cn.md b/SECURITY_cn.md new file mode 100644 index 00000000000..e9f503192c1 --- /dev/null +++ b/SECURITY_cn.md @@ -0,0 +1,44 @@ +# 安全使用飞桨 + + + +本文将对飞桨模型及代码安全进行介绍,并介绍如何向飞桨提报漏洞。 + +## 飞桨模型安全 + +飞桨关注模型的安全性和隐私性。其中包括当模型被用于安全攸关场景时,如何避免模型在干扰下输出错误的决策结果,以及如何避免从模型本身、模型梯度或模型推理结果中泄露数据和隐私信息。 + +飞桨的安全和隐私套件[PaddleSleeve](https://github.com/PaddlePaddle/PaddleSleeve)提供了一系列工具,可帮助模型开发者及使用者在模型的开发或部署阶段,系统性地评估并提升模型的安全性和隐私性。这些工具包括对抗样本评估测试、拟自然环境鲁棒性评估测试、模型逆向评估测试、成员推断评估测试、样本去噪、对抗训练、隐私增强优化器等。 + +## 飞桨代码安全 + +飞桨团队一向非常重视代码安全,但鉴于飞桨框架的实现非常复杂,并且依赖了多个第三方开源库,其中仍可能会存在未被发现的问题。因此,我们希望有更多安全研究人员、飞桨开发者能参与到飞桨代码安全保障项目中来,我们鼓励向飞桨负责任的披露(Responsible Disclosure)安全问题,也鼓励向飞桨贡献代码完善动静态漏洞挖掘工具,让飞桨变得更安全。 + +### 安全工具 + +飞桨安全团队对于飞桨框架自身的安全高度重视,为了尽快地发现和修复安全问题,我们内部在持续地进行代码安全审计和研发自动化漏洞挖掘工具。我们将一些工具和方法开源给社区,希望能抛砖引玉,大家一起来贡献提高飞桨的安全性和鲁棒性。工具开源见[CodeSecurity](https://github.com/PaddlePaddle/PaddleSleeve/tree/main/CodeSecurity)。该开源工具包含两部分内容,分别从动态(模糊测试)和静态(CodeQL)两个角度对飞桨代码进行安全审计和漏洞挖掘。通过参照和添加新的测试模块,可以帮助覆盖更多飞桨代码模块,发现更多的代码安全问题。 + +### 报告安全问题 + +我们鼓励向飞桨负责任地披露安全问题,请将所发现的安全问题发送电子邮件到 security@paddlepaddle.org。 + +在安全团队收到邮件后将会及时与您沟通并反馈问题修复进度。 + +为了更好地复现和认定问题情况,请在邮件中: + +- 详细描述漏洞细节,如何复现,并尽量附上PoC。 +- 描述攻击场景,介绍攻击者可能由此问题所能达到的效果。 +- 该问题是否已公开并描述情况。 +- 署名您的姓名和从属关系。 + +我们会将漏洞修复情况注明在飞桨的发布当中,并在致谢公告中发布漏洞情况和提报人(如果您选择不公开署名将不会发布提报人信息)。 + +### 安全问题认定说明 + +飞桨在计算图的过程中,由于模型可以执行任何计算,操作文件,进行网络通信等功能,可能造成内存耗尽,死锁等情况发生,这将导致飞桨产生一些非预期的行为。我们认为只有当这些行为超出了所涉及的操作意图时才算作是安全问题。 + +飞桨框架代码中对于一些非预期的参数和行为会进行检查,Python代码中以抛出异常为形式,C++代码中以返回错误状态为形式。这些情况下,飞桨代码的退出是干净的,但仍可能会因此造成拒绝服务,然而由于飞桨的处理是预期且正确的,所以造成这些情况并不算作是安全问题。 + +如果输入非预期的参数后,对飞桨代码造成了内存破坏,或者非干净退出,这类行为被认定为存在安全问题。 + +### [安全公告](https://github.com/PaddlePaddle/Paddle/security/README_cn.md) diff --git a/security/README.md b/security/README.md new file mode 100644 index 00000000000..ab3dab8c0cc --- /dev/null +++ b/security/README.md @@ -0,0 +1,12 @@ +# PaddlePaddle Security Advisories + +We regularly publish security advisories about using PaddlePaddle. + + + +*Note*: In conjunction with these security advisories, we strongly encourage PaddlePaddle users to read and understand PaddlePaddle's security model as outlined in [SECURITY.md](https://github.com/PaddlePaddle/Paddle/SECURITY.md). + + +| Advisory Number | Type | Versions affected | Reported by | Additional Information| +| --------------- | ---- | :---------------: | ----------- | ----------------------| +| | | | | | diff --git a/security/README_cn.md b/security/README_cn.md new file mode 100644 index 00000000000..2ae23046469 --- /dev/null +++ b/security/README_cn.md @@ -0,0 +1,12 @@ +# 飞桨安全公告 + +我们在此定期发布飞桨安全公告。 + + + +注:我们非常建议飞桨用户阅读和理解[SECURITY_cn.md](https://github.com/PaddlePaddle/Paddle/SECURITY_cn.md)所介绍的飞桨安全模型,以便更好地了解此安全公告。 + + +| 安全公告编号 | 类型 | 受影响版本 | 报告者 | 备注 | +| --------------- | ---- | :---------------: | ----------- | ----------------------| +| | | | | | -- GitLab