MétaCan
Menu
Back to cohort
Record W4211142584 · doi:10.1109/cns53000.2021.9705049

Securing APIs and Chaos Engineering

2021· article· en· W4211142584 on OpenAlex

Why this work is in the frame

A frame that forgets how it found something cannot be audited. These are the routes that admitted this work.

affAt least one author lists a Canadian institution in the pinned OpenAlex snapshot.

Bibliographic record

Venuenot available
Typearticle
Languageen
FieldComputer Science
TopicWeb Application Security Vulnerabilities
Canadian institutionsToronto Metropolitan University
Fundersnot available
KeywordsComputer securityComputer scienceSecurity through obscuritySecurity engineeringSecurity testingCloud computing securitySecurity serviceAuthentication (law)Computer security modelCHAOS (operating system)Security information and event managementCloud computingSoftware security assuranceInformation security

Abstract

fetched live from OpenAlex

Suppose information security starts to embrace the reality that failure will happen. In that case, we can move from trying to build the perfectly secure system to continue asking questions like “how much vulnerability do I have and what control do I need to be effective?” This paper proposes Security Chaos Engineering as a method to expose API vulnerabilities and enhance API security. RESTful API has gained popularity in recent years due to its reusability, flexibility and natural adaptation to modern web application, mobile application, and cloud computing. However, ensuring secure API/data access and hence mitigating reputational and/or financial damage to the organization is still in its early stage. Foundational security protection mechanisms include transport layer security, authentication / authorization of the consumer (either individual or application). To complete the spectrum of secure API access and provide advanced protection, there is much more to consider: mitigation of API specific vulnerabilities at design and implementation time. API Security using Chaos Engineering is an approach for learning about system security behavers when using APIs by applying empirical exploration. Security Chaos Engineering is the discipline of experimenting to build confidence in the system’s security and see how a system can withstand threats in production. Security Chaos Engineering isn’t about creating chaos. It is about making the security chaos inherent in the system visible.

Fetched live from OpenAlex and de-inverted. Abstracts are not stored in this database: the inverted indexes are 8.6 GB of the frame’s 9.3 GB of text, and the host has 13 GB free.

Full frame distilled prediction

Teacher imitation

Not calibrated prevalence, not ground truth. Human validation pending. Learned from the 10,348 direct Codex labels and 10,348 direct Gemma labels. Candidate is the union of thresholded teacher heads; consensus is their intersection. These outputs are machine_predicted_unvalidated and are not human labels or direct frontier model labels.

metaresearch head score (Codex)0.000
metaresearch head score (Gemma)0.000
Version: codex-gemma-dda1882f352aValidation status: machine_predicted_unvalidated
Candidate categoriesnone
Consensus categoriesnone
DomainCandidate signal: none · Consensus signal: none
Study designCandidate signal: Theoretical or conceptual · Consensus signal: none
GenreCandidate signal: Empirical · Consensus signal: none
Teacher disagreement score0.963
Threshold uncertainty score0.212

Codex and Gemma teacher scores by category

CategoryCodexGemma
Metaresearch0.0000.000
Meta-epidemiology (narrow)0.0000.000
Meta-epidemiology (broad)0.0000.000
Bibliometrics0.0000.000
Science and technology studies0.0000.000
Scholarly communication0.0000.000
Open science0.0000.000
Research integrity0.0000.000
Insufficient payload (model declined to judge)0.0000.000

Machine scores (provisional)

The two teacher heads of the student model, read on this work. A score orders the frame for review; it never asserts a category, and the validation status ships verbatim with every row.

Baseline scores from an immature model (maturity gate not passed, 7 training rounds). Scores rank; they never assert a category.

Opus teacher head0.005
GPT teacher head0.185
Teacher spread0.180 · how far apart the two teachers sit on this one work
Validation statusscore_only:v0-immature-baseline · verbatim from the scoring run: score_only means the number may rank works, and no category label ships from it

Quick stats

Citations11
Published2021
Admission routes1
Has abstractyes

Explore more

Same topicWeb Application Security VulnerabilitiesFrench-language works237,207