KubeFuzzer:Automating RESTful API Vulnerability Detection in Kubernetes

RESTful API fuzzing is a promising method for automated vulnerability detection in Kubernetes platforms.Existing tools struggle with generating lengthy,high-semantic request sequences that can pass Kubernetes API gateway checks.To address this,we propose KubeFuzzer,a black-box fuzzing tool designed for Kubernetes RESTful APIs.KubeFuzzer utilizes Natural Language Processing(NLP)to extract and integrate semantic information from API specifications and response messages,guiding the generation of more effective request sequences.Our evaluation of KubeFuzzer on various Kubernetes clusters shows that it improves code coverage by 7.86%to 36.34%,increases the successful response rate by 6.7%to 83.33%,and detects 16.7%to 133.3%more bugs compared to three leading techniques.KubeFuzzer identified over 1000 service crashes,which were narrowed down to 7 unique bugs.We tested these bugs on 10 real-world Kubernetes projects,including major providers like AWS(EKS),Microsoft Azure(AKS),and Alibaba Cloud(ACK),and confirmed that these issues could trigger service crashes.We have reported and confirmed these bugs with the Kubernetes community,and they have been addressed.

NCCMF:Non-Collaborative Continuous Monitoring Framework for Container-Based Cloud Runtime Status

The security performance of cloud services is a key factor influencing users’selection of Cloud Service Providers(CSPs).Continuous monitoring of the security status of cloud services is critical.However,existing research lacks a practical framework for such ongoing monitoring.To address this gap,this paper proposes the first NonCollaborative Container-Based Cloud Service Operation State Continuous Monitoring Framework(NCCMF),based on relevant standards.NCCMF operates without the CSP’s collaboration by:1)establishing a scalable supervisory index system through the identification of security responsibilities for each role,and 2)designing a Continuous Metrics Supervision Protocol(CMA)to automate the negotiation of supervisory metrics.The framework also outlines the supervision process for cloud services across different deployment models.Experimental results demonstrate that NCCMF effectively monitors the operational state of two real-world IoT(Internet of Things)cloud services,with an average supervision error of less than 15%.

Energy-Theft Detection Issues for Advanced Metering Infrastructure in Smart Grid

With the proliferation of smart grid research, the Advanced Metering Infrastructure （AMI） has become the first ubiquitous and fixed computing platform. However, due to the unique characteristics of AMI, such as complex network structure, resource-constrained smart meter, and privacy-sensitive data, it is an especially challenging issue to make AMI secure. Energy theft is one of the most important concerns related to the smart grid implementation. It is estimated that utility companies lose more than S25 billion every year due to energy theft around the world. To address this challenge, in this paper, we discuss the background of AMI and identify major security requirements that AMI should meet. Specifically, an attack tree based threat model is first presented to illustrate the energy-theft behaviors in AMI. Then, we summarize the current AMI energy-theft detection schemes into three categories, i.e., classification-based, state estimation-based, and game theory-based ones, and make extensive comparisons and discussions on them. In order to provide a deep understanding of security vulnerabilities and solutions in AMI and shed light on future research directions, we also explore some open challenges and potential solutions for energy-theft detection.