ASE 2025 (series) / Research Papers /
Understanding Resource Injection Vulnerabilities in Kubernetes Ecosystems
This program is tentative and subject to change.
Tue 18 Nov 2025 15:00 - 15:10 at Grand Hall 5 - Security 2
Cloud-native technologies have revolutionized application development, with Kubernetes emerging as the de facto standard platform for containerization and orchestration. Kubernetes manages applications through API objects called resources, where users declare desired states via resource definitions that are processed by controllers to reconcile system discrepancies. However, this resource-based architecture introduces resource injection vulnerabilities, where controllers perform privileged operations using user-controllable fields without adequate validation. Attackers can exploit these weaknesses by injecting malicious content into resource definition fields to achieve unauthorized access and privilege escalation.
In this paper, we conduct the first comprehensive study on 125 resource injection vulnerabilities from 8,306 Kubernetes-related vulnerabilities across common databases. For all studied vulnerabilities, we investigate their vulnerable fields, root causes, privileged operations, exploitation conditions, and fixing strategies. Our study reveals many interesting findings that can guide the detection and mitigation of resource injection vulnerabilities, as well as the development of more secure cloud-native applications.
This program is tentative and subject to change.
Tue 18 NovDisplayed time zone: Seoul change
Tue 18 Nov
Displayed time zone: Seoul change
14:00 - 15:30 | |||
14:00 10mTalk | Towards Generalizable Instruction Vulnerability Prediction via LLM-Enhanced Code Representation Research Papers Bao Wen Nanjing University of Aeronautics and Astronautics, Jingjing Gu Nanjing University of Aeronautics and Astronautics, Jingxuan Zhang Nanjing University of Aeronautics and Astronautics, Yang Liu Nanyang Technological University, Pengfei Yu Nanjing University of Aeronautics and Astronautics, Yanchao Zhao Nanjing University of Aeronautics and Astronautics | ||
14:10 10mTalk | Interpretable Vulnerability Detection Reports Research Papers Claudia Mamede Carnegie Mellon University, Jose Campos FEUP & LASIGE, Claire Le Goues Carnegie Mellon University, Rui Abreu Faculty of Engineering of the University of Porto, Portugal | ||
14:20 10mTalk | Security Debt in LLM Agent Applications: A Measurement Study of Vulnerabilities and Mitigation Trade-offs Research Papers Zhuoxiang Shen Fudan University, Jiarun Dai Fudan University, Yuan Zhang Fudan University, Min Yang Fudan University | ||
14:30 10mTalk | Altered Histories in Version Control System Repositories: Evidence from the Trenches Research Papers Solal Rapaport Télécom Paris, Institut Polytechnique de Paris, Laurent Pautet Télécom Paris, Institut Polytechnique de Paris, Samuel Tardieu Télécom Paris, Institut Polytechnique de Paris, Stefano Zacchiroli LTCI, Télécom Paris, Institut Polytechnique de Paris, Palaiseau, France Pre-print | ||
14:40 10mTalk | Lares: LLM-driven Code Slice Semantic Search for Patch Presence Testing Research Papers Siyuan Li University of Chinese Academy of Sciences & Institute of Information Engineering Chinese Academy of Sciences, China, Yaowen Zheng Institute of Information Engineering at Chinese Academy of Sciences, Hong Li Institute of Information Engineering at Chinese Academy of Sciences, Jingdong Guo Institute of Information Engineering, CAS, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China;, Chaopeng Dong Institute of Information Engineering, CAS, Beijing, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China;, Chunpeng Yan Institute of Information Engineering Chinese Academy of Sciences & University of Chinese Academy of Sciences, China, Weijie Wang Institute of Information Engineering Chinese Academy of Sciences & University of Chinese Academy of Sciences, China, Yimo Ren Institute of Information Engineering Chinese Academy of Sciences & University of Chinese Academy of Sciences, China, Limin Sun Institute of Information Engineering at Chinese Academy of Sciences; University of Chinese Academy of Sciences, Hongsong Zhu Institute of Information Engineering at Chinese Academy of Sciences; University of Chinese Academy of Sciences | ||
14:50 10mTalk | PoliCond: Condition-Aware Ontology-Driven LLMs for Privacy Policy Analysis Research Papers Yalin Feng Nanjing University, Yifei Lu State Key Laboratory for Novel Software Technology, Nanjing University, China, Minxue Pan Nanjing University | ||
15:00 10mTalk | Understanding Resource Injection Vulnerabilities in Kubernetes Ecosystems Research Papers Defang Bo Institute of Information Engineering, Chinese Academy of Sciences and School of Cyber Security, University of Chinese Academy of Sciences, Jie Lu Institute of Computing Technology of the Chinese Academy of Sciences, Feng Li Key Laboratory of Network Assessment Technology, Institute of Information Engineering, Chinese Academy of Sciences, China; School of CyberSpace Security at University of Chinese Academy of Sciences, China, Jingting Chen Institute of Information Engineering, Chinese Academy of Sciences and School of Cyber Security, University of Chinese Academy of Sciences, Jinchen Wang Institute of Information Engineering, Chinese Academy of Sciences and School of Cyber Security, University of Chinese Academy of Sciences, Chendong Yu Institute of Information Engineering at Chinese Academy of Sciences; University of Chinese Academy of Sciences, Yeting Li Institute of Information Engineering at Chinese Academy of Sciences; University of Chinese Academy of Sciences, Wei Huo Institute of Information Engineering at Chinese Academy of Sciences | ||
15:10 10mTalk | LLM-Powered Static Binary Taint Analysis Journal-First Track Puzhuo Liu Ant Group & Tsinghua University, Chengnian Sun University of Waterloo, Yaowen Zheng Institute of Information Engineering at Chinese Academy of Sciences, Xuan Feng Independent Researcher, Chuan Qin Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, University of Chinese Academy of Sciences, Yuncheng Wang Institute of Information Engineering, Chinese Academy of Sciences; School of Cyber Security, UCAS Beijing, China, Zhenyang Xu University of Waterloo, Zhi Li Institute of Information Engineering, Chinese Academy of Sciences, China, Peng Di Ant Group & UNSW Sydney, Yu Jiang Tsinghua university, Limin Sun Institute of Information Engineering at Chinese Academy of Sciences; University of Chinese Academy of Sciences | ||
15:20 10mTalk | Stealthy Backdoor Attack for Code Models Journal-First Track Zhou Yang University of Alberta, Alberta Machine Intelligence Institute , Bowen Xu North Carolina State University, Jie M. Zhang King's College London, Hong Jin Kang University of Sydney, Jieke Shi Singapore Management University, Junda He Singapore Management University, David Lo Singapore Management University | ||