Jupyter Notebook Attacks Taxonomy: Ransomware, Data Exfiltration, and Security Misconfiguration

Phuong Cao

doi:10.1109/SCW63240.2024.00106

Jupyter Notebook Attacks Taxonomy: Ransomware, Data Exfiltration, and Security Misconfiguration

Phuong Cao

National Center for Supercomputing Applications (NCSA)

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Open-science collaboration using Jupyter Notebooks may expose expensively trained AI models, high-performance computing resources, and training data to security vulnerabilities, such as unauthorized access, accidental deletion, or misuse. The ubiquitous deployments of Jupyter Notebooks (≈ 11 million public notebooks on Github have transformed collaborative scientific computing by enabling reproducible research. Jupyter is the main HPC's science gateway interface between AI researchers and supercomputers at academic institutions, such as the National Center for Supercomputing Applications (NCSA), national labs, and the industry. An impactful attack targeting Jupyter could disrupt scientific missions and business operations.This paper describes the network-based attack taxonomy of Jupyter Notebooks, such as ransomware, data exfiltration, security misconfiguration, and resource abuse for cryptocurrency mining. The open nature of Jupyter (direct data access, arbitrary code execution in multiple programming languages kernels) and its vast attack interface (terminal, file browser, untrusted cells) also attract attacks attempting to misuse supercomputing resources and steal state-of-the-art research artifacts. Jupyter uses encrypted datagrams of rapidly evolving WebSocket protocols that challenge even the most state-of-the-art network observability tools, such as Zeek.We envisage even more sophisticated AI-driven attacks can be adapted to target Jupyter, where defenders have limited visibility. In addition, the cryptographic design of Jupyter should be adapted to resist emerging quantum threats. On balance, this is the first paper to systematically describe the threat model against Jupyter Notebooks and lay out the design of auditing Jupyter to have better visibility against such attacks.

Original language	English (US)
Title of host publication	Proceedings of SC 2024-W
Subtitle of host publication	Workshops of the International Conference for High Performance Computing, Networking, Storage and Analysis
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	750-754
Number of pages	5
ISBN (Electronic)	9798350355543
DOIs	https://doi.org/10.1109/SCW63240.2024.00106
State	Published - 2024
Event	2024 Workshops of the International Conference for High Performance Computing, Networking, Storage and Analysis, SC Workshops 2024 - Atlanta, United States Duration: Nov 17 2024 → Nov 22 2024

Conference

Conference	2024 Workshops of the International Conference for High Performance Computing, Networking, Storage and Analysis, SC Workshops 2024
Country/Territory	United States
City	Atlanta
Period	11/17/24 → 11/22/24

Keywords

attacks
auditing
cryptography
jupyter
network
notebooks
post-quantum
provenance
quantum
ransomware
security
vulnerabilities

ASJC Scopus subject areas

Information Systems
Software
Modeling and Simulation
Artificial Intelligence
Computer Networks and Communications
Computer Science Applications
Hardware and Architecture

Online availability

10.1109/SCW63240.2024.00106

Library availability

Discover UIUC Full Text

Cite this

Jupyter Notebook Attacks Taxonomy: Ransomware, Data Exfiltration, and Security Misconfiguration. / Cao, Phuong.
Proceedings of SC 2024-W: Workshops of the International Conference for High Performance Computing, Networking, Storage and Analysis. Institute of Electrical and Electronics Engineers Inc., 2024. p. 750-754.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Cao, P 2024, Jupyter Notebook Attacks Taxonomy: Ransomware, Data Exfiltration, and Security Misconfiguration. in Proceedings of SC 2024-W: Workshops of the International Conference for High Performance Computing, Networking, Storage and Analysis. Institute of Electrical and Electronics Engineers Inc., pp. 750-754, 2024 Workshops of the International Conference for High Performance Computing, Networking, Storage and Analysis, SC Workshops 2024, Atlanta, United States, 11/17/24. https://doi.org/10.1109/SCW63240.2024.00106

@inproceedings{e3b3a1b2d1694f98b9d0b160f8c68ebe,

title = "Jupyter Notebook Attacks Taxonomy: Ransomware, Data Exfiltration, and Security Misconfiguration",

abstract = "Open-science collaboration using Jupyter Notebooks may expose expensively trained AI models, high-performance computing resources, and training data to security vulnerabilities, such as unauthorized access, accidental deletion, or misuse. The ubiquitous deployments of Jupyter Notebooks (≈ 11 million public notebooks on Github have transformed collaborative scientific computing by enabling reproducible research. Jupyter is the main HPC's science gateway interface between AI researchers and supercomputers at academic institutions, such as the National Center for Supercomputing Applications (NCSA), national labs, and the industry. An impactful attack targeting Jupyter could disrupt scientific missions and business operations.This paper describes the network-based attack taxonomy of Jupyter Notebooks, such as ransomware, data exfiltration, security misconfiguration, and resource abuse for cryptocurrency mining. The open nature of Jupyter (direct data access, arbitrary code execution in multiple programming languages kernels) and its vast attack interface (terminal, file browser, untrusted cells) also attract attacks attempting to misuse supercomputing resources and steal state-of-the-art research artifacts. Jupyter uses encrypted datagrams of rapidly evolving WebSocket protocols that challenge even the most state-of-the-art network observability tools, such as Zeek.We envisage even more sophisticated AI-driven attacks can be adapted to target Jupyter, where defenders have limited visibility. In addition, the cryptographic design of Jupyter should be adapted to resist emerging quantum threats. On balance, this is the first paper to systematically describe the threat model against Jupyter Notebooks and lay out the design of auditing Jupyter to have better visibility against such attacks.",

keywords = "attacks, auditing, cryptography, jupyter, network, notebooks, post-quantum, provenance, quantum, ransomware, security, vulnerabilities",

author = "Phuong Cao",

note = "The authors would like to thank NCSA staff for continuous support in data analysis and testbed deployment. This work utilized a security testbed at NCSA maintained by Phuong Cao and set up by AlexanderWithers.We thank the TrustedCI leadership team, other TrustedCI fellows, notably Dr. RickWagner, Dr. Jim Basney, Anita Nikolich, and community members (ESnet, LBNL, and Zeek) for their valuable feedback and support in an early version of this manuscript. We also want to recognize the following people/organizations/programs: the NSF's Trusted CI Cybersecurity Center of Excellence, Illinois Computes, FABRIC, ACCESS, and Delta allocations, NCSA Integrated Cyberinfrastructure/IRST team, particularly Timothy Boerner, James Eyrich, and Ryan Walker. This work was partly supported by the National Science Foundation (NSF) under contract \#2319190 and \#2430244. Any opinions, findings, conclusions, or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of their employers or sponsors.; 2024 Workshops of the International Conference for High Performance Computing, Networking, Storage and Analysis, SC Workshops 2024 ; Conference date: 17-11-2024 Through 22-11-2024",

year = "2024",

doi = "10.1109/SCW63240.2024.00106",

language = "English (US)",

pages = "750--754",

booktitle = "Proceedings of SC 2024-W",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

address = "United States",

}

TY - GEN

T1 - Jupyter Notebook Attacks Taxonomy

T2 - 2024 Workshops of the International Conference for High Performance Computing, Networking, Storage and Analysis, SC Workshops 2024

AU - Cao, Phuong

N1 - The authors would like to thank NCSA staff for continuous support in data analysis and testbed deployment. This work utilized a security testbed at NCSA maintained by Phuong Cao and set up by AlexanderWithers.We thank the TrustedCI leadership team, other TrustedCI fellows, notably Dr. RickWagner, Dr. Jim Basney, Anita Nikolich, and community members (ESnet, LBNL, and Zeek) for their valuable feedback and support in an early version of this manuscript. We also want to recognize the following people/organizations/programs: the NSF's Trusted CI Cybersecurity Center of Excellence, Illinois Computes, FABRIC, ACCESS, and Delta allocations, NCSA Integrated Cyberinfrastructure/IRST team, particularly Timothy Boerner, James Eyrich, and Ryan Walker. This work was partly supported by the National Science Foundation (NSF) under contract #2319190 and #2430244. Any opinions, findings, conclusions, or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of their employers or sponsors.

PY - 2024

Y1 - 2024

N2 - Open-science collaboration using Jupyter Notebooks may expose expensively trained AI models, high-performance computing resources, and training data to security vulnerabilities, such as unauthorized access, accidental deletion, or misuse. The ubiquitous deployments of Jupyter Notebooks (≈ 11 million public notebooks on Github have transformed collaborative scientific computing by enabling reproducible research. Jupyter is the main HPC's science gateway interface between AI researchers and supercomputers at academic institutions, such as the National Center for Supercomputing Applications (NCSA), national labs, and the industry. An impactful attack targeting Jupyter could disrupt scientific missions and business operations.This paper describes the network-based attack taxonomy of Jupyter Notebooks, such as ransomware, data exfiltration, security misconfiguration, and resource abuse for cryptocurrency mining. The open nature of Jupyter (direct data access, arbitrary code execution in multiple programming languages kernels) and its vast attack interface (terminal, file browser, untrusted cells) also attract attacks attempting to misuse supercomputing resources and steal state-of-the-art research artifacts. Jupyter uses encrypted datagrams of rapidly evolving WebSocket protocols that challenge even the most state-of-the-art network observability tools, such as Zeek.We envisage even more sophisticated AI-driven attacks can be adapted to target Jupyter, where defenders have limited visibility. In addition, the cryptographic design of Jupyter should be adapted to resist emerging quantum threats. On balance, this is the first paper to systematically describe the threat model against Jupyter Notebooks and lay out the design of auditing Jupyter to have better visibility against such attacks.

AB - Open-science collaboration using Jupyter Notebooks may expose expensively trained AI models, high-performance computing resources, and training data to security vulnerabilities, such as unauthorized access, accidental deletion, or misuse. The ubiquitous deployments of Jupyter Notebooks (≈ 11 million public notebooks on Github have transformed collaborative scientific computing by enabling reproducible research. Jupyter is the main HPC's science gateway interface between AI researchers and supercomputers at academic institutions, such as the National Center for Supercomputing Applications (NCSA), national labs, and the industry. An impactful attack targeting Jupyter could disrupt scientific missions and business operations.This paper describes the network-based attack taxonomy of Jupyter Notebooks, such as ransomware, data exfiltration, security misconfiguration, and resource abuse for cryptocurrency mining. The open nature of Jupyter (direct data access, arbitrary code execution in multiple programming languages kernels) and its vast attack interface (terminal, file browser, untrusted cells) also attract attacks attempting to misuse supercomputing resources and steal state-of-the-art research artifacts. Jupyter uses encrypted datagrams of rapidly evolving WebSocket protocols that challenge even the most state-of-the-art network observability tools, such as Zeek.We envisage even more sophisticated AI-driven attacks can be adapted to target Jupyter, where defenders have limited visibility. In addition, the cryptographic design of Jupyter should be adapted to resist emerging quantum threats. On balance, this is the first paper to systematically describe the threat model against Jupyter Notebooks and lay out the design of auditing Jupyter to have better visibility against such attacks.

KW - attacks

KW - auditing

KW - cryptography

KW - jupyter

KW - network

KW - notebooks

KW - post-quantum

KW - provenance

KW - quantum

KW - ransomware

KW - security

KW - vulnerabilities

UR - https://www.scopus.com/pages/publications/85217169809

UR - https://www.scopus.com/pages/publications/85217169809#tab=citedBy

U2 - 10.1109/SCW63240.2024.00106

DO - 10.1109/SCW63240.2024.00106

M3 - Conference contribution

AN - SCOPUS:85217169809

SP - 750

EP - 754

BT - Proceedings of SC 2024-W

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 17 November 2024 through 22 November 2024

ER -

Jupyter Notebook Attacks Taxonomy: Ransomware, Data Exfiltration, and Security Misconfiguration

Abstract

Conference

Keywords

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this