Open Access



RESTlogic: Detecting Logic Vulnerabilities in Cloud REST APIs

Ziqi Wang*, Weihan Tian, Baojiang Cui

School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing, 100876, China

* Corresponding Author: Ziqi Wang. Email: email

Computers, Materials & Continua 2024, 78(2), 1797-1820.


The APIs used to access cloud services typically follow the Representational State Transfer (REST) architectural style. As a commonly used Application Programming Interface (API) architecture paradigm, REST brings convenience to platforms and tenants, but it also introduces logic security challenges. Security issues such as quota bypass and privilege escalation are closely tied to the design and implementation of API logic. With traditional code-level testing methods, it is difficult to construct a testing model for API logic and to build test samples that exercise that logic in depth, so such logic vulnerabilities are hard to detect. We propose RESTlogic for this purpose. First, we construct a test group based on the tree structure of the REST API, adapt a logic vulnerability testing model, and use feedback-based methods to detect code-document inconsistency defects. Second, based on an abstract logical testing model and resource lifecycle information, we generate test cases and complete their parameters, and alleviate inconsistency issues through parameter inference. Third, we propose a method of analyzing test results that jointly uses status codes and call stack information, which compensates for the shortcomings of traditional analysis methods. We apply our method to testing REST services, including OpenStack, an open source cloud operating platform, for experimental evaluation. We found a series of inconsistencies, known vulnerabilities, and new unknown logical defects.


Cite This Article

APA Style
Wang, Z., Tian, W., Cui, B. (2024). Restlogic: detecting logic vulnerabilities in cloud REST apis. Computers, Materials & Continua, 78(2), 1797-1820.
Vancouver Style
Wang Z, Tian W, Cui B. Restlogic: detecting logic vulnerabilities in cloud REST apis. Comput Mater Contin. 2024;78(2):1797-1820
IEEE Style
Z. Wang, W. Tian, and B. Cui "RESTlogic: Detecting Logic Vulnerabilities in Cloud REST APIs," Comput. Mater. Contin., vol. 78, no. 2, pp. 1797-1820. 2024.

This work is licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.