{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,29]],"date-time":"2026-01-29T21:52:23Z","timestamp":1769723543896,"version":"3.49.0"},"reference-count":27,"publisher":"Tech Science Press","issue":"1","license":[{"start":{"date-parts":[[2024,10,20]],"date-time":"2024-10-20T00:00:00Z","timestamp":1729382400000},"content-version":"vor","delay-in-days":293,"URL":"https:\/\/doi.org\/10.32604\/TSP-CROSSMARKPOLICY"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["CMC"],"published-print":{"date-parts":[[2024]]},"DOI":"10.32604\/cmc.2024.055180","type":"journal-article","created":{"date-parts":[[2024,10,9]],"date-time":"2024-10-09T07:33:11Z","timestamp":1728459191000},"page":"1595-1612","update-policy":"https:\/\/doi.org\/10.32604\/tsp-crossmarkpolicy","source":"Crossref","is-referenced-by-count":2,"title":["KubeFuzzer: Automating RESTful API Vulnerability Detection in Kubernetes"],"prefix":"10.32604","volume":"81","author":[{"given":"Tao","family":"Zheng","sequence":"first","affiliation":[]},{"given":"Rui","family":"Tang","sequence":"additional","affiliation":[]},{"given":"Xingshu","family":"Chen","sequence":"additional","affiliation":[]},{"given":"Changxiang","family":"Shen","sequence":"additional","affiliation":[]}],"member":"17807","published-online":{"date-parts":[[2024]]},"reference":[{"key":"ref1","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3607179","article-title":"Security misconfigurations in open source kubernetes manifests: An empirical study","volume":"32","author":"Rahman","year":"2023","journal-title":"ACM Trans. Softw. Eng. Methodol."},{"key":"ref2","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3539606","article-title":"Kubernetes scheduling: Taxonomy, ongoing issues and challenges","volume":"55","author":"Carri\u00f3n","year":"2022","journal-title":"ACM Comput. Surv."},{"key":"ref3","series-title":"Proc. 28th ACM ESEC\/FSE","first-page":"725","article-title":"Intelligent REST API data fuzzing","author":"Godefroid","year":"2020"},{"key":"ref4","series-title":"Proc. USENIX Secur. 23","first-page":"5593","article-title":"NAUTILUS: Automated RESTful API vulnerability detection","author":"Deng","year":"2023"},{"key":"ref5","series-title":"Proc. 41th IEEE\/ACM ICSE","first-page":"748","article-title":"RESTler: Stateful REST API fuzzing","author":"Atlidakis","year":"2019"},{"key":"ref6","series-title":"Proc. 38th IEEE ICSME","first-page":"504","article-title":"RestTestGen: An extensible framework for automated black-box testing of restful apis","author":"Corradini","year":"2022"},{"key":"ref7","series-title":"Proc. 30th ACM ISSTA, Denmark","first-page":"682","article-title":"RESTest: Automated black-box testing of RESTful web APIs","author":"Martin-Lopez","year":"2021"},{"key":"ref8","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/3293455","article-title":"RESTful API automated test case generation with EvoMaster","volume":"28","author":"Arcuri","year":"2019","journal-title":"ACM Trans. Softw. Eng. Methodol."},{"key":"ref9","series-title":"Proc. 44th IEEE\/ACM ICSE","first-page":"1406","article-title":"Morest: Model-based RESTful API testing with execution feedback","author":"Liu","year":"2022"},{"key":"ref10","unstructured":"V. Atlidakis, R. Geambasu, P. Godefroid, M. Polishchuk, and B. Ray, \u201cPythia: Grammar-based fuzzing of rest apis with coverage-guided feedback and learning-based mutations,\u201d 2020, arXiv:2005.11498."},{"key":"ref11","series-title":"Proc. 13th IEEE ICST","first-page":"387","article-title":"Checking security properties of cloud service REST APIs","author":"Atlidakis","year":"2020"},{"key":"ref12","series-title":"22nd EDOC","first-page":"181","article-title":"Automatic generation of test cases for REST APIs: A specification-based approach","author":"Ed-Douibi","year":"2018"},{"key":"ref13","series-title":"Proc. 13th ICST","first-page":"131","article-title":"QuickREST: Property-based test generation of OpenAPI-described RESTful APIs","author":"Karlsson","year":"2020"},{"key":"ref14","series-title":"Proc. 32nd ACM ISSTA","first-page":"1232","article-title":"Enhancing REST API testing with NLP techniques","author":"Kim","year":"2023"},{"key":"ref15","series-title":"GLOBECOM 2017\u20142017 IEEE Global Commun. Conf.","first-page":"1","article-title":"A kubernetes-based monitoring platform for dynamic cloud resource provisioning","author":"Chang","year":"2017"},{"key":"ref16","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2023.103140","article-title":"On the security of containers: Threat modeling, attack analysis, and mitigation strategies","volume":"128","author":"Wong","year":"2023, Art. no. 103140","journal-title":"Comput. Secur."},{"key":"ref17","series-title":"Proc. 28th ACM ESEC\/FSE","first-page":"1689","article-title":"Mitigating security attacks in kubernetes manifests for security best practices violation","author":"Shamim","year":"2021"},{"key":"ref18","series-title":"Proc. IEEE\/ACM 21st MSR","first-page":"192","article-title":"Does generative AI generate smells related to container orchestration?","author":"Zhang","year":"2024"},{"key":"ref19","series-title":"Proc. 28th IEEE MASCOTS","first-page":"1","article-title":"Security-performance trade-offs of kubernetes container runtimes","author":"Viktorsson","year":"2020"},{"key":"ref20","series-title":"Proc. IEEE INFOCOM","first-page":"1","article-title":"NetMARKS: Network metrics-aware kubernetes scheduler powered by service mesh","author":"Wojciechowski","year":"2021"},{"key":"ref21","doi-asserted-by":"crossref","first-page":"2623","DOI":"10.1109\/TCC.2020.3033807","article-title":"Extending kubernetes clusters to low-resource edge devices using virtual kubelets","volume":"10","author":"Goethals","year":"2020","journal-title":"IEEE Trans. Cloud Comput."},{"key":"ref22","series-title":"Proc. ACM SIGSAC Conf. Comput. Communicati. Security","first-page":"3048","article-title":"Take over the whole cluster: Attacking kubernetes via excessive permissions of third-party applications","author":"Yang","year":"2023"},{"key":"ref23","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2023.103173","article-title":"Full-stack vulnerability analysis of the cloud-native platform","volume":"129","author":"Zeng","year":"2023, Art. no. 103173","journal-title":"Comput. Secur."},{"key":"ref24","series-title":"Proc. USENIX Secur. 23","first-page":"5971","article-title":"Cross container attacks: The bewildered eBPF on clouds","author":"He","year":"2023"},{"key":"ref25","series-title":"Proc. ACM CCS","first-page":"3063","article-title":"Lost along the way: Understanding and mitigating path-misresolution threats to container isolation","author":"Li","year":"2023"},{"key":"ref26","series-title":"Proc. USENIX Secur. 23","first-page":"4517","article-title":"MINER: A hybrid data-driven approach for REST API fuzzing","author":"Lyu","year":"2023"},{"key":"ref27","series-title":"Proc. IEEE\/ACM ICSE","first-page":"1","article-title":"EDEFuzz: A web API fuzzer for excessive data exposures","author":"Pan","year":"2024"}],"container-title":["Computers, Materials &amp; Continua"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.techscience.com\/files\/cmc\/2024\/TSP_CMC-81-1\/TSP_CMC_55180\/TSP_CMC_55180.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,3,7]],"date-time":"2025-03-07T02:38:14Z","timestamp":1741315094000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.techscience.com\/cmc\/v81n1\/58334"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"references-count":27,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2024]]},"published-print":{"date-parts":[[2024]]}},"URL":"https:\/\/doi.org\/10.32604\/cmc.2024.055180","relation":{},"ISSN":["1546-2226"],"issn-type":[{"value":"1546-2226","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024]]},"assertion":[{"value":"2024-06-19","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2024-09-14","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2024-10-15","order":2,"name":"published","label":"Published Online","group":{"name":"publication_history","label":"Publication History"}}]}}