all InfoSec news
Greybox Penetration Testing on Cloud Access Control with IAM Modeling and Deep Reinforcement Learning. (arXiv:2304.14540v1 [cs.CR])
cs.CR updates on arXiv.org arxiv.org
Identity and Access Management (IAM) is an access control service in cloud
platforms. To securely manage cloud resources, customers are required to
configure IAM to specify the access control rules for their cloud
organizations. However, IAM misconfiguration may be exploited to perform
privilege escalation attacks, which can cause severe economic loss. To detect
privilege escalations due to IAM misconfigurations, existing third-party cloud
security services apply whitebox penetration testing techniques, which require
the access of complete IAM configurations. This requirement might …
access access control access management cloud cloud access cloud platforms cloud resources control customers escalation exploited iam identity identity and access identity and access management manage management may misconfiguration modeling organizations penetration penetration testing platforms privilege privilege escalation resources rules service testing