
Lead Image © Kirsty Pargeter, 123RF.com
Securing AI model deployments with SELinux
Blocked
Artificial intelligence (AI) model deployments are increasingly targeted by attackers aiming to steal sensitive data, tamper with models, or exploit computational resources. Security-Enhanced Linux (SELinux), a mandatory access control (MAC) framework, offers robust protection beyond traditional discretionary access control (DAC). In this article, we investigate the effectiveness of SELinux in securing AI workloads on Red Hat Enterprise Linux (RHEL) 9 through experiments simulating real-world attack scenarios. Our objectives are to evaluate the Linux security module's ability to prevent unauthorized model modification, workload execution, data theft, and directory tampering.
Prior studies have explored SELinux for securing enterprise systems [1], but its application to AI deployments remains under explored. Research on AI security highlights vulnerabilities in model files and compute resources [2]. Our work bridges this gap by demonstrating the role that SELinux can play in protecting AI systems.
Methodology
Experiments were conducted on RHEL 9, a modern enterprise-grade platform. We deployed an 18-layer convolutional neural network (CNN; ResNet-18) model (PyTorch) with a Flask API and simulated attacks under two conditions: SELinux in permissive mode (relying on DAC) and enforcing mode (with MAC). Attack scenarios included unauthorized model modification, workload execution, file theft, and directory tampering. SELinux policies assigned specific roles (e.g., staff_u
) and file contexts (e.g., public_content_t
).
Unauthorized AI Model Modification
The objective was to evaluate SELinux's ability to prevent unauthorized modification of deployed AI model files. A ResNet-18 model was stored
...Buy this article as PDF
(incl. VAT)
Buy ADMIN Magazine
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Most Popular
Support Our Work
ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.
