Open Access iconOpen Access

ARTICLE

crossmark

KubeFuzzer: Automating RESTful API Vulnerability Detection in Kubernetes

by Tao Zheng1, Rui Tang1,2,3, Xingshu Chen1,2,3,*, Changxiang Shen1

1 School of Cyber Science and Engineering, Sichuan University, Chengdu, 610065, China
2 Cyber Science Research Institute, Sichuan University, Chengdu, 610065, China
3 Key Laboratory of Data Protection and Intelligent Management (Sichuan University), Ministry of Education, Chengdu, 610065, China

* Corresponding Author: Xingshu Chen. Email: email

Computers, Materials & Continua 2024, 81(1), 1595-1612. https://doi.org/10.32604/cmc.2024.055180

Abstract

RESTful API fuzzing is a promising method for automated vulnerability detection in Kubernetes platforms. Existing tools struggle with generating lengthy, high-semantic request sequences that can pass Kubernetes API gateway checks. To address this, we propose KubeFuzzer, a black-box fuzzing tool designed for Kubernetes RESTful APIs. KubeFuzzer utilizes Natural Language Processing (NLP) to extract and integrate semantic information from API specifications and response messages, guiding the generation of more effective request sequences. Our evaluation of KubeFuzzer on various Kubernetes clusters shows that it improves code coverage by 7.86% to 36.34%, increases the successful response rate by 6.7% to 83.33%, and detects 16.7% to 133.3% more bugs compared to three leading techniques. KubeFuzzer identified over 1000 service crashes, which were narrowed down to 7 unique bugs. We tested these bugs on 10 real-world Kubernetes projects, including major providers like AWS (EKS), Microsoft Azure (AKS), and Alibaba Cloud (ACK), and confirmed that these issues could trigger service crashes. We have reported and confirmed these bugs with the Kubernetes community, and they have been addressed.

Keywords


Cite This Article

APA Style
Zheng, T., Tang, R., Chen, X., Shen, C. (2024). Kubefuzzer: automating restful API vulnerability detection in kubernetes. Computers, Materials & Continua, 81(1), 1595-1612. https://doi.org/10.32604/cmc.2024.055180
Vancouver Style
Zheng T, Tang R, Chen X, Shen C. Kubefuzzer: automating restful API vulnerability detection in kubernetes. Comput Mater Contin. 2024;81(1):1595-1612 https://doi.org/10.32604/cmc.2024.055180
IEEE Style
T. Zheng, R. Tang, X. Chen, and C. Shen, “KubeFuzzer: Automating RESTful API Vulnerability Detection in Kubernetes,” Comput. Mater. Contin., vol. 81, no. 1, pp. 1595-1612, 2024. https://doi.org/10.32604/cmc.2024.055180



cc Copyright © 2024 The Author(s). Published by Tech Science Press.
This work is licensed under a Creative Commons Attribution 4.0 International License , which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
  • 308

    View

  • 188

    Download

  • 0

    Like

Share Link