Lead Image © Kirsty Pargeter, 123RF.com

Securing AI model deployments with SELinux

Blocked

Artificial intelligence (AI) model deployments are increasingly targeted by attackers aiming to steal sensitive data, tamper with models, or exploit computational resources. Security-Enhanced Linux (SELinux), a mandatory access control (MAC) framework, offers robust protection beyond traditional discretionary access control (DAC). In this article, we investigate the effectiveness of SELinux in securing AI workloads on Red Hat Enterprise Linux (RHEL) 9 through experiments simulating real-world attack scenarios. Our objectives are to evaluate the Linux security module's ability to prevent unauthorized model modification, workload execution, data theft, and directory tampering.

Prior studies have explored SELinux for securing enterprise systems [1], but its application to AI deployments remains under explored. Research on AI security highlights vulnerabilities in model files and compute resources [2]. Our work bridges this gap by demonstrating the role that SELinux can play in protecting AI systems.

Methodology

Experiments were conducted on RHEL 9, a modern enterprise-grade platform. We deployed an 18-layer convolutional neural network (CNN; ResNet-18) model (PyTorch) with a Flask API and simulated attacks under two conditions: SELinux in permissive mode (relying on DAC) and enforcing mode (with MAC). Attack scenarios included unauthorized model modification, workload execution, file theft, and directory tampering. SELinux policies assigned specific roles (e.g., staff_u) and file contexts (e.g., public_content_t).

Unauthorized AI Model Modification

The objective was to evaluate SELinux's ability to prevent unauthorized modification of deployed AI model files. A ResNet-18 model was stored

Buy this article as PDF

Express-Checkout as PDF

Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES

Print Issues

Digital Issues

 

SUBSCRIPTIONS

Print Subs

Digisubs

 

TABLET & SMARTPHONE APPS

US / Canada

UK / Australia