all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Greybox Penetration Testing on Cloud Access Control with IAM Modeling and Deep Reinforcement Learning. (arXiv:2304.14540v1 [cs.CR])

Add to bookmarks
May 1, 2023, 1:10 a.m. | Yang Hu, Wenxi Wang, Mohit Tiwari

cs.CR updates on arXiv.org arxiv.org

Identity and Access Management (IAM) is an access control service in cloud
platforms. To securely manage cloud resources, customers are required to
configure IAM to specify the access control rules for their cloud
organizations. However, IAM misconfiguration may be exploited to perform
privilege escalation attacks, which can cause severe economic loss. To detect
privilege escalations due to IAM misconfigurations, existing third-party cloud
security services apply whitebox penetration testing techniques, which require
the access of complete IAM configurations. This requirement might …

access access control access management cloud cloud access cloud platforms cloud resources control customers escalation exploited iam identity identity and access identity and access management manage management may misconfiguration modeling organizations penetration penetration testing platforms privilege privilege escalation resources rules service testing

Visit resource

More from arxiv.org / cs.CR updates on arXiv.org

PrivLM-Bench: A Multi-level Privacy Evaluation Benchmark for Language Models 2 days, 8 hours ago | arxiv.org
accessibility art arxiv attention +15
Provably Robust Cost-Sensitive Learning via Randomized Smoothing 2 days, 8 hours ago | arxiv.org
arxiv cost cs.cr cs.lg +1
WW-FL: Secure and Private Large-Scale Federated Learning 2 days, 8 hours ago | arxiv.org
arxiv attacks client cs.cr +28
Formalizing and Benchmarking Prompt Injection Attacks and Defenses 2 days, 8 hours ago | arxiv.org
arxiv attacks benchmarking cs.ai +9
SecureFalcon: Are We There Yet in Automated Software Vulnerability Detection with LLMs? 2 days, 8 hours ago | arxiv.org
adoption analysis applications arxiv +30
An Efficient and Multi-private Key Secure Aggregation for Federated Learning 2 days, 8 hours ago | arxiv.org
aggregation arxiv client cs.ai +21
How (not) to Build Quantum PKE in Minicrypt 2 days, 8 hours ago | arxiv.org
arxiv box build can +12
Computing Low-Entropy Couplings for Large-Support Distributions 2 days, 8 hours ago | arxiv.org
arxiv computing cs.cr cs.it +6
Unveiling and Mitigating Backdoor Vulnerabilities based on Unlearning Weight Changes and Backdoor Activeness 2 days, 8 hours ago | arxiv.org
arxiv attacks backdoor backdoor attacks +14

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US
View on infosec-jobs.com

Security Compliance Strategist

@ Grab | Petaling Jaya, Malaysia
View on infosec-jobs.com

Cloud Security Architect, Lead

@ Booz Allen Hamilton | USA, VA, McLean (1500 Tysons McLean Dr)
View on infosec-jobs.com