Litcius/Paper detail

Research Towards Key Issues of API Security

Ronghua Sun, Qianxun Wang, Liang Guo

2022Communications in computer and information science16 citationsDOIOpen Access PDF

Abstract

Abstract With the mass application of virtualization, micro-services, and cloud-native technologies, the interaction between service entities through APIs has become a norm. Many platforms are still maintaining a large number of old APIs due to business needs. At the same time, many new APIs are gradually going online. Both of these statuses put forward higher requirements for API security. Focusing on old APIs’ security protection and other issues, this article starts from the process of asset discovery, vulnerability detection, and security auditing. Aiming at the problem of API asset discovery, this article summarizes the technical methods of automatically clustering unowned API assets using the characteristics of various commonly used APIs. Aiming at new API vulnerability detection, a security analysis method based on finite state machine is proposed. For the first time, the cross-network communication taint propagation based on dynamic taint analysis technology and system-level simulation technology is realized, enabling sensitive data flow tracing in API communication become feasible. We designed a flowbased API security audit system to improve automated API protection. Finally, We analyzed technical opportunities and challenges of API security in detail and prospected for API security research’s next direction and development trend.

Topics & Concepts

Computer scienceComputer securityKey (lock)Cloud computingVulnerability (computing)Asset (computer security)Vulnerability assessmentApplication programming interfaceWorld Wide WebOperating systemPsychotherapistPsychologyPsychological resilienceAdvanced Malware Detection TechniquesSecurity and Verification in ComputingNetwork Security and Intrusion Detection
Research Towards Key Issues of API Security | Litcius