From 82fe7d396e0951931f65e52f859617ce0a286c95 Mon Sep 17 00:00:00 2001 From: ramelg01 Date: Mon, 31 Jan 2022 17:33:04 +0000 Subject: Add disclaimer of ACL duty to protect the memory of the process using it from hacking Signed-off-by: Ramy Elgammal Resolves: COMPMID-2132 Change-Id: I76945425244202edb4aad03c1269e69c9f2608ae Reviewed-on: https://review.mlplatform.org/c/ml/ComputeLibrary/+/7036 Tested-by: Arm Jenkins Comments-Addressed: Arm Jenkins Reviewed-by: Michalis Spyrou --- docs/user_guide/advanced.dox | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'docs/user_guide/advanced.dox') diff --git a/docs/user_guide/advanced.dox b/docs/user_guide/advanced.dox index 86ee2ce756..806f4ea3b8 100644 --- a/docs/user_guide/advanced.dox +++ b/docs/user_guide/advanced.dox @@ -110,5 +110,19 @@ After the first run, the CLTuner's results can be exported to a file using the m This file can be also imported using the method "load_from_file("results.csv")". - tuner.load_from_file("results.csv"); +@section Security Concerns +Here are some security concerns that may affect Compute Library. + +@subsection A process running under the same uid could read another process memory + +Processes running under same user ID (UID) may be able to read each other memory and running state. Hence, This can +lead to information disclosure and sensitive data can be leaked, such as the weights of the model currently executing. +This mainly affects Linux systems and it's the responsibility of the system owner to make processes secure against +this vulnerability. Moreover, the YAMA security kernel module can be used to detect and stop such a trial of hacking, +it can be selected at the kernel compile time by CONFIG_SECURITY_YAMA and configured during runtime changing the +ptrace_scope in /proc/sys/kernel/yama. + +Please refer to: https://www.kernel.org/doc/html/v4.15/admin-guide/LSM/Yama.html for more information on this regard. + */ } // namespace \ No newline at end of file -- cgit v1.2.1