Abstract
In recent years, misconfigurations of cloud services have led to major security incidents and large-scale data breaches. Due to the dynamic and complex nature of cloud environments, misconfigured (e.g., overly permissive) access policies can be easily introduced and often go undetected for a long period of time. Therefore, it is critical to identify any potential misconfigurations before they can be abused. In this paper, we present a novel misconfiguration detection approach for identity and access management policies in AWS. We base our approach on the observation that policies can be modeled as permissions between entities and objects in the form of a graph. Our key idea is that misconfigurations can be effectively detected as anomalies in such a graph representation. We evaluate our approach on real-world identity and access management policy data from three enterprise cloud environments. We investigate the effectiveness of our approach to detect misconfigurations, showing that it has a slightly lower precision compared to rule-based systems, but it is able to correctly detect between 3.7 and 6.4 times as many misconfigurations.
Original language | English |
---|---|
Title of host publication | CCSW 2022 - Proceedings of the 2022 Cloud Computing Security Workshop, co-located with CCS 2022 |
Pages | 63-74 |
Number of pages | 12 |
ISBN (Electronic) | 9781450398756 |
DOIs | |
Publication status | Published - 7 Nov 2022 |
Event | ACM Cloud Computing Security Workshop, CCSW 2022 - Los Angeles, United States; Duration: 7 Nov 2022 → 7 Nov 2022 |
Conference
Conference | ACM Cloud Computing Security Workshop, CCSW 2022 |
---|---|
Abbreviated title | CCSW 2022 |
Country/Territory | United States |
City | Los Angeles |
Period | 7/11/22 → 7/11/22 |
Keywords
- Cybersecurity
Datasets
- Code for Detecting Anomalous Misconfigurations in AWS Identity and Access Management Policies (Dataset)
  van Ede, T. (Creator), Khasuntsev, N. (Creator), Steen, B. (Creator) & Continella, A. (Creator), 4TU.Centre for Research Data, 26 Oct 2023
  DOI: 10.4121/948f9457-d168-4eb6-9523-bc235a871e83, https://data.4tu.nl/datasets/948f9457-d168-4eb6-9523-bc235a871e83