{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,17]],"date-time":"2026-03-17T02:13:00Z","timestamp":1773713580866,"version":"3.50.1"},"reference-count":49,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"2","license":[{"start":{"date-parts":[[2026,3,1]],"date-time":"2026-03-01T00:00:00Z","timestamp":1772323200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"}],"funder":[{"name":"European Commission under Horizon Europe","award":["101120393"],"award-info":[{"award-number":["101120393"]}]},{"name":"European Commission under Horizon Europe","award":["H2020"],"award-info":[{"award-number":["H2020"]}]},{"name":"European Commission under Horizon Europe","award":["952647"],"award-info":[{"award-number":["952647"]}]},{"DOI":"10.13039\/501100003246","name":"Dutch Research Council","doi-asserted-by":"crossref","award":["NWA-1215.18.006"],"award-info":[{"award-number":["NWA-1215.18.006"]}],"id":[{"id":"10.13039\/501100003246","id-type":"DOI","asserted-by":"crossref"}]},{"DOI":"10.13039\/501100003246","name":"Dutch Research Council","doi-asserted-by":"crossref","award":["KICH1.VE01.20.004"],"award-info":[{"award-number":["KICH1.VE01.20.004"]}],"id":[{"id":"10.13039\/501100003246","id-type":"DOI","asserted-by":"crossref"}]},{"name":"Italian Ministry of University and Research"},{"name":"P.N.R.R. &#x2013; NextGenerationEU","award":["PE00000014"],"award-info":[{"award-number":["PE00000014"]}]},{"name":"P.N.R.R. &#x2013; NextGenerationEU","award":["E63C240005900001"],"award-info":[{"award-number":["E63C240005900001"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. Dependable and Secure Comput."],"published-print":{"date-parts":[[2026,3]]},"DOI":"10.1109\/tdsc.2025.3628213","type":"journal-article","created":{"date-parts":[[2025,10,31]],"date-time":"2025-10-31T17:14:47Z","timestamp":1761930887000},"page":"2519-2533","source":"Crossref","is-referenced-by-count":0,"title":["Automated Analysis of Security Policy Violations in Helm Charts"],"prefix":"10.1109","volume":"23","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-3018-044X","authenticated-orcid":false,"given":"Francesco","family":"Minna","sequence":"first","affiliation":[{"name":"Vrije Universiteit Amsterdam, Amsterdam, Netherlands"}]},{"given":"Agathe","family":"Blaise","sequence":"additional","affiliation":[{"name":"Thales SIX GTS, Gennevilliers, France"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7189-2817","authenticated-orcid":false,"given":"Katja","family":"Tuma","sequence":"additional","affiliation":[{"name":"Eindhoven University of Technology, Eindhoven, AZ, Netherlands"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1091-8486","authenticated-orcid":false,"given":"Fabio","family":"Massacci","sequence":"additional","affiliation":[{"name":"University of Trento, Trento, Italy"}]}],"member":"263","reference":[{"key":"ref1","article-title":"2023 annual survey","volume-title":"CNCF","year":"2024"},{"key":"ref2","article-title":"Artifact hub","year":"2025"},{"key":"ref3","article-title":"Insider\u2019s playbook: Defending against cloud threats","year":"2024"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1145\/3579639"},{"key":"ref5","article-title":"The risk of default configuration: How out-of-the-box helm charts can breach your cluster","author":"Katchinskiy","year":"2025"},{"key":"ref6","article-title":"2023 cloud-native security and usage report","author":"Isbitski","year":"2023"},{"key":"ref7","article-title":"Security without sacrifices","year":"2023"},{"key":"ref8","article-title":"What is infrastructure as code (IAC)?","year":"2025"},{"key":"ref9","article-title":"What is infrastructure as code?","year":"2025"},{"key":"ref10","article-title":"Kubernetes documentation","year":"2025"},{"key":"ref11","article-title":"Helm - The package manager for kubernetes","year":"2025"},{"key":"ref12","article-title":"What is seccomp?","year":"2025"},{"key":"ref13","article-title":"Apparmor - linux kernel security module","year":"2025"},{"key":"ref14","article-title":"The common cloud misconfigurations that lead to cloud data breaches","year":"2025"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2012.85"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1145\/3183440.3183452"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1145\/3183440.3195034"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2019.00033"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1109\/MSEC.2021.3065190"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/access.2024.3514751"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-025-10672-8"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1109\/tdsc.2024.3413752"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/tdsc.2024.3420712"},{"key":"ref24","article-title":"Gatekeeper: Policy controller for kubernetes","year":"2024"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1109\/tcc.2025.3551838"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/cloud60044.2023.00036"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1109\/EnCyCriS52570.2021.00009"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1109\/SecDev45635.2020.00025"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1145\/3533767.3543291"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1109\/ICITRI56423.2022.9970223"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1145\/3540250.3549098"},{"key":"ref32","article-title":"Scan helm charts for Kubernetes misconfigurations with checkov","year":"2025"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1109\/CNS56114.2022.9947248"},{"key":"ref34","first-page":"443","article-title":"Confine: Automated system call policy generation for container attack surface reduction","volume-title":"Proc. Int. Symp. Res. Attacks Intrusions Defenses","author":"Ghavamnia","year":"2020"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1109\/IEMTRONICS52119.2021.9422529"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1109\/CNS.2015.7346869"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1109\/ICDCS.2018.00169"},{"key":"ref38","article-title":"Checkov","year":"2025"},{"key":"ref39","article-title":"Datree","year":"2025"},{"key":"ref40","article-title":"Kics","year":"2025"},{"key":"ref41","article-title":"Kubelinter","year":"2025"},{"key":"ref42","article-title":"Kubeaudit","year":"2025"},{"key":"ref43","article-title":"Kubescape","year":"2025"},{"key":"ref44","article-title":"Terrascan","year":"2025"},{"key":"ref45","article-title":"App manifest overview","year":"2025"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1145\/1180405.1180426"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134059"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2019.00012"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-021-10013-5"}],"container-title":["IEEE Transactions on Dependable and Secure Computing"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/8858\/11434575\/11223885.pdf?arnumber=11223885","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,3,17]],"date-time":"2026-03-17T01:15:35Z","timestamp":1773710135000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/11223885\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,3]]},"references-count":49,"journal-issue":{"issue":"2"},"URL":"https:\/\/doi.org\/10.1109\/tdsc.2025.3628213","relation":{},"ISSN":["1545-5971","1941-0018","2160-9209"],"issn-type":[{"value":"1545-5971","type":"print"},{"value":"1941-0018","type":"electronic"},{"value":"2160-9209","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,3]]}}}