PacJam

Pashakhanloo, Pardis; Machiry, Aravind; Choi, Hyon-Young; Canino, Anthony; Heo, Kihong; Lee, Insup; Naik, Mayur

doi:10.1145/3488932.3524054

“…Bloat is known to increase the vulnerabilities in software [4,10,12,31,50]. One common measure of the security impact of bloat is to compare the number of Common Vulnerabilities and Exposures (CVEs) found in the removed files to the total number of CVEs discovered [3,6,45]. For assessing CVEs in ML containers, it is crucial that the tools can scan for vulnerabilities in shared libraries and Python packages, which are the two main components of ML systems.…”

Section: Analysis Frameworkmentioning

confidence: 99%

Machine Learning Systems are Bloated and Vulnerable

Zhang,

Alhanahnah,

Ahmed

et al. 2024

SIGMETRICS Perform. Eval. Rev.

0

View full text Add to dashboard Cite

Today's software is bloated with both code and features that are not used by most users. This bloat is prevalent across the entire software stack, from operating systems and applications to containers. Containers are lightweight virtualization technologies used to package code and dependencies, providing portable, reproducible and isolated environments. For their ease of use, data scientists often utilize machine learning containers to simplify their workflow. However, this convenience comes at a cost: containers are often bloated with unnecessary code and dependencies, resulting in very large sizes. In this paper, we analyze and quantify bloat in machine learning containers. We develop MMLB, a framework for analyzing bloat in software systems, focusing on machine learning containers. MMLB measures the amount of bloat at both the container and package levels, quantifying the sources of bloat. In addition, MMLB integrates with vulnerability analysis tools and performs package dependency analysis to evaluate the impact of bloat on container vulnerabilities. Through experimentation with 15 machine learning containers from TensorFlow, PyTorch, and Nvidia, we show that bloat accounts for up to 80% of machine learning container sizes, increasing container provisioning times by up to 370% and exacerbating vulnerabilities by up to 99%. For more detail, see the full paper, ~\citezhang2024machine.

show abstract

Automatic Specialization of Third-Party Java Dependencies

Soto-Valero,

Tiwari,

Toady

et al. 2023

IIEEE Trans. Software Eng.

2

0

View full text Add to dashboard Cite

Machine Learning Systems are Bloated and Vulnerable

Zhang,

Alhanahnah,

Ahmed

et al. 2024

Proc. ACM Meas. Anal. Comput. Syst.

2

0

View full text Add to dashboard Cite

Today's software is bloated with both code and features that are not used by most users. This bloat is prevalent across the entire software stack, from operating systems and applications to containers. Containers are lightweight virtualization technologies used to package code and dependencies, providing portable, reproducible and isolated environments. For their ease of use, data scientists often utilize machine learning containers to simplify their workflow. However, this convenience comes at a cost: containers are often bloated with unnecessary code and dependencies, resulting in very large sizes. In this paper, we analyze and quantify bloat in machine learning containers. We develop MMLB, a framework for analyzing bloat in software systems, focusing on machine learning containers. MMLB measures the amount of bloat at both the container and package levels, quantifying the sources of bloat. In addition, MMLB integrates with vulnerability analysis tools and performs package dependency analysis to evaluate the impact of bloat on container vulnerabilities. Through experimentation with 15 machine learning containers from TensorFlow, PyTorch, and Nvidia, we show that bloat accounts for up to 80% of machine learning container sizes, increasing container provisioning times by up to 370% and exacerbating vulnerabilities by up to 99%.

show abstract

PacJam

Cited by 4 publications

References 22 publications

Machine Learning Systems are Bloated and Vulnerable

Machine Learning Systems are Bloated and Vulnerable

Automatic Specialization of Third-Party Java Dependencies

Machine Learning Systems are Bloated and Vulnerable

Contact Info

Product

Resources

About