The dynamic nature of cloud environments introduces significant challenges to enforcing the Principle of Least Privilege (PoLP). Unlike traditional on-premises systems with relatively static roles, cloud Identity and Access Management (IAM) involves highly granular, and ephemeral and cross-service permissions that evolve with workload and context. This complexity often leads to privilege sprawl - accumulation of excessive or stale permissions—which increases the attack surface, security risks and undermines compliance. Existing privilege refinement techniques rely on homogeneous similarity measures that fail to capture contextual and semantic relationships inherent to cloud environments. To address this gap, a novel context-aware pattern-mining framework, PatMine is introduced for refining access privileges through discovery of semantically rich usage patterns. PatMine introduces context-aware distance modeling using graph-based Feature-Specific Distance Measure (FSDM), and Uniform Distance Measure (UDM) that preserve semantic dependencies across IAM attributes. These distance measures enable the clustering of semantically similar access events, from which PatMine derives fine-grained, context-aware IAM policies that enforce PoLP without disrupting legitimate workflows. Unlike traditional recommenders, PatMine does not introduce new permissions; it refines existing privileges by adding contextual constraints or reducing permission scopes. Experiments on Google Cloud Platform (GCP) logs demonstrate that PatMine achieves up to 0.92 cluster cohesion and reduces excessive privileges by 35–40%, while maintaining operational continuity. By embedding contextual semantics into distance computation, PatMine operationalizes least-privilege enforcement for dynamic, multi-tenant cloud environments, providing a foundation for adaptive, context-aware access governance.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

PatMine: Advancing Cloud Security Through Graph-Based Context-Aware Access Pattern Mining

  • Vakkalagadda Satya Sai Prakash,
  • Srinivas Reddy Gopu,
  • Rajidi Satish Reddy

摘要

The dynamic nature of cloud environments introduces significant challenges to enforcing the Principle of Least Privilege (PoLP). Unlike traditional on-premises systems with relatively static roles, cloud Identity and Access Management (IAM) involves highly granular, and ephemeral and cross-service permissions that evolve with workload and context. This complexity often leads to privilege sprawl - accumulation of excessive or stale permissions—which increases the attack surface, security risks and undermines compliance. Existing privilege refinement techniques rely on homogeneous similarity measures that fail to capture contextual and semantic relationships inherent to cloud environments. To address this gap, a novel context-aware pattern-mining framework, PatMine is introduced for refining access privileges through discovery of semantically rich usage patterns. PatMine introduces context-aware distance modeling using graph-based Feature-Specific Distance Measure (FSDM), and Uniform Distance Measure (UDM) that preserve semantic dependencies across IAM attributes. These distance measures enable the clustering of semantically similar access events, from which PatMine derives fine-grained, context-aware IAM policies that enforce PoLP without disrupting legitimate workflows. Unlike traditional recommenders, PatMine does not introduce new permissions; it refines existing privileges by adding contextual constraints or reducing permission scopes. Experiments on Google Cloud Platform (GCP) logs demonstrate that PatMine achieves up to 0.92 cluster cohesion and reduces excessive privileges by 35–40%, while maintaining operational continuity. By embedding contextual semantics into distance computation, PatMine operationalizes least-privilege enforcement for dynamic, multi-tenant cloud environments, providing a foundation for adaptive, context-aware access governance.