RBAC Atlas: Mapping Real-World Kubernetes Permissions and Exposing Risky Projects
Lenin Alevski
BSidesSF 2026 · Day 1 · AMC Theatre 09
Kubernetes has emerged as the de facto operating system of the cloud, orchestrating containerized applications with unparalleled scale and flexibility. That power comes with inherent complexity, particularly in its Role-Based Access Control (RBAC) system. Lenin Alevski's talk, "RBAC Atlas: Mapping Real-World Kubernetes Permissions and Exposing Risky Projects," examines the security implications of misconfigured RBAC policies, which often create hidden security minefields within Kubernetes clusters.
AI review
Competent, practitioner-level work on a real problem — Kubernetes RBAC misconfiguration is genuinely dangerous and under-audited. The tooling (RBAC Scope + RBAC Atlas) is useful and the Ingress Nginx case study grounds the research in a known-bad CVE. But this is BSides-tier content: solid execution on a well-trodden problem space, not novel research.