Authors: Tao Zheng, Rui Tang, Xingshu Chen, Changxiang Shen
Affiliations: [1] School of Cyber Science and Engineering, Sichuan University, Chengdu, 610065, China [2] Cyber Science Research Institute, Sichuan University, Chengdu, 610065, China [3] Key Laboratory of Data Protection and Intelligent Management (Sichuan University), Ministry of Education, Chengdu, 610065, China
Source: Computers, Materials & Continua (English-language journal), 2024, No. 10, pp. 1595-1612, 18 pages
Funding: Supported by the National Natural Science Foundation of China (No. 62202320); the Fundamental Research Funds for the Central Universities (Nos. SCU2023D008, 2023SCU12129); the Natural Science Foundation of Sichuan Province (No. 2024NSFSC1449); the Science and Engineering Connotation Development Project of Sichuan University (No. 2020SCUNG129); the Key Laboratory of Data Protection and Intelligent Management (Sichuan University), Ministry of Education.
Abstract: RESTful API fuzzing is a promising method for automated vulnerability detection in Kubernetes platforms. Existing tools struggle with generating lengthy, high-semantic request sequences that can pass Kubernetes API gateway checks. To address this, we propose KubeFuzzer, a black-box fuzzing tool designed for Kubernetes RESTful APIs. KubeFuzzer utilizes Natural Language Processing (NLP) to extract and integrate semantic information from API specifications and response messages, guiding the generation of more effective request sequences. Our evaluation of KubeFuzzer on various Kubernetes clusters shows that it improves code coverage by 7.86% to 36.34%, increases the successful response rate by 6.7% to 83.33%, and detects 16.7% to 133.3% more bugs compared to three leading techniques. KubeFuzzer identified over 1000 service crashes, which were narrowed down to 7 unique bugs. We tested these bugs on 10 real-world Kubernetes projects, including major providers like AWS (EKS), Microsoft Azure (AKS), and Alibaba Cloud (ACK), and confirmed that these issues could trigger service crashes. We have reported and confirmed these bugs with the Kubernetes community, and they have been addressed.
Keywords: Kubernetes; RESTful APIs; API fuzzing; black-box fuzzing
Classification number: TP393.08 [Automation and Computer Technology - Computer Application Technology]