当前位置:首页 > 报告详情

流程背后的疏漏:发现并揭开 Azure MLOps 中存在漏洞的工具套件的神秘面纱.pdf

上传人: 竿*** 编号:981838 2025-11-29 75页 7.05MB

1、#BHAS BlackHatEventsThe Oversights under The FlowDiscovering and Demystifying the Vulnerable Tooling Suites from Azure MLOpsPeng Zhou()Shanghai University#BHAS BlackHatEventsPeng Zhou(zpbrent)Associate Professor at Shanghai University Bug Hunter for Web/3 and AI/LLM OSS Vulnerabilities Reach me out

2、at:https:/zpbrent.github.io/whoami#BHAS BlackHatEventsAgenda The Flow for Azure MLOps The Tooling Suites We Focus The Oversights,Vulnerabilities,and Impacts Oversights within Coordinated Disclosure Countermeasure&Takeaway#BHAS BlackHatEvents The Flow for Azure MLOps The Tooling Suites We Focus The O

3、versights,Vulnerabilities,and Impacts Oversights within Coordinated Disclosure Countermeasure&Takeaway Agenda#BHAS BlackHatEventsThe Flow for Azure DevOps1 https:/ BlackHatEventsFrom DevOps to MLOps2 https:/ BlackHatEventsThe ML Flow in Azure MLOps3 https:/www.c- BlackHatEvents The Flow for Azure ML

4、Ops The Tooling Suites We Focus The Oversights,Vulnerabilities,and Impacts Oversights within Coordinated Disclosure Countermeasure&Takeaway Agenda#BHAS BlackHatEventsAzure AI+ML Architecture4 https:/ OpenAIAzure Machine Learning WorkspaceOn-premise NetworksDevOpsMLOpsdeployLLM enabledEnd usersAzure

5、APPs#BHAS BlackHatEventsVulnerable Tooling Suites:Overview#BHAS BlackHatEventsMLOps=Machine Learning+DevOps#BHAS BlackHatEventsVulnerable Tooling Suites in Azure MLOps#BHAS BlackHatEvents The Flow for Azure MLOps The Tooling Suites We Focus The Oversights,Vulnerabilities,and Impacts Oversights withi

6、n Coordinated Disclosure Countermeasure&Takeaway Agenda#BHAS BlackHatEventsPrompt Flow in Azure MLBuild high-quality LLM apps-from prototyping,and testing to production deployment and monitoring5 https:/ BlackHatEventsExample in Azure ML Workspace The core feature for Azure ML Studio&A Tool for Azur

word格式文档无特别注明外均可编辑修改,预览文件经过压缩,下载原文更清晰!
三个皮匠报告文库所有资源均是客户上传分享,仅供网友学习交流,未经上传用户书面授权,请勿作商用。
根据《The FlowDiscovering and Demystifying the Vulnerable Tooling Suites from Azure MLOps》的内容,以下为全文关键点: 1. **Azure MLOps流程与工具套件**:文章探讨了Azure MLOps的流程,重点关注其中的工具套件,特别是存在漏洞的工具。 2. **漏洞与影响**:文章揭示了多个漏洞,包括命令注入、路径遍历和代码注入等,这些漏洞可能影响实验、评估和部署过程。 3. **协调披露中的疏忽**:文章指出在协调披露过程中存在疏忽,导致一些漏洞未得到充分修复。 4. **对策与启示**:建议开源工具维护者加强安全检查,MSRC需更严格地控制披露进度,开发者应警惕Azure工具可能带来的安全风险。 5. **具体案例**:文章详细分析了多个漏洞案例,包括Azure AI Studio客户端SDK、DeepSpeed和TorchGeo等工具的漏洞。
漏洞与对策" "揭秘Azure MLOps工具套件风险" "如何防范Azure MLOps安全漏洞?"
客服
商务合作
小程序
服务号
折叠