Breaking ML Services: Finding Zero-Days in Azure Machine Learning
Hack In The Box Security Conference via YouTube
Overview
Explore the security vulnerabilities discovered in Azure Machine Learning, a managed Machine-Learning-as-a-Service platform offered by Microsoft. Delve into five zero-day vulnerabilities across three broad classes of security issues: insecure logging of sensitive information, MLSee vulnerability allowing sensitive information disclosure, and methods for achieving persistence in AML environments. Learn about the techniques used to assess the security of managed services like AML, including reversing cloud middleware and investigating the shared responsibility model. Gain insights into potential security risks in cloud-based MLaaS platforms and understand the importance of thorough security assessments in these rapidly adopted systems. Witness demonstrations of various research techniques employed to uncover these vulnerabilities, providing valuable knowledge for security professionals and researchers interested in cloud service security.
Syllabus
#HITB2023HKT D2T2 - Breaking ML Services: Finding 0-days In Azure Machine Learning - Nitesh Surana
Taught by
Hack In The Box Security Conference