Template Database Design and Validation for Log-Based Least Privilege Policy Generation in AWS Environments

Vol. 35, No. 3, pp. 493-504, June 2025
DOI: 10.13089/JKIISC.2025.35.3.493
Keywords: Dynamic Least Privilege Policy, AWS CloudTrail Log Analysis, Permission Dependency Reflection
Abstract

As security threats in cloud environments increase, the principle of least privilege has become more important. On platforms such as AWS, complex permission management often leads to over-provisioning and the vulnerabilities that follow from it. Traditional policy databases, built from simple records, miss dependent and dynamically required permissions. To address these challenges, we propose a dynamic framework that uses CloudTrail logs together with action grouping, placeholder-based generation, and dependent permission integration. With this framework we compiled a database of 644 policies for S3 and EC2, producing a scalable least privilege system.
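As an added example (not code from the paper or its policy database), the following sketch walks through the pipeline the abstract describes: map constructed CloudTrail records to IAM actions, group them under resource templates with placeholders, and merge an assumed dependency table into the resulting policy document. The event records, the dependency entries and the `${Region}`/`${AccountId}` placeholders are constructed for illustration, and the one-to-one eventName-to-action mapping is a simplification.

```python
import json
from collections import defaultdict

# Constructed CloudTrail-style records (sample data, not a real trail).
EVENTS = [
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "requestParameters": {"bucketName": "app-assets", "key": "img/a.png"}},
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "requestParameters": {"bucketName": "app-assets", "key": "img/b.png"}},
    {"eventSource": "s3.amazonaws.com", "eventName": "PutObject",
     "requestParameters": {"bucketName": "app-uploads", "key": "u/1.bin"}},
    {"eventSource": "ec2.amazonaws.com", "eventName": "RunInstances",
     "requestParameters": {"instanceType": "t3.micro"}},
]

# Assumed dependency table: (dependent action, resource template it applies to).
# "{bucket}" is filled from the triggering event's bucket. Illustrative only.
DEPENDENCIES = {
    "s3:PutObject": [("s3:ListBucket", "arn:aws:s3:::{bucket}")],
    "ec2:RunInstances": [("ec2:DescribeInstances", "*")],
}

# Placeholder template; ${Region}/${AccountId} are filled when the policy is deployed.
EC2_TEMPLATE = "arn:aws:ec2:${Region}:${AccountId}:*"

def iam_action(event):
    """s3.amazonaws.com + GetObject -> s3:GetObject (simplified 1:1 mapping)."""
    return f"{event['eventSource'].split('.')[0]}:{event['eventName']}"

def resource_template(event):
    """Collapse individual object keys to a bucket-wide template so repeats group."""
    p = event.get("requestParameters") or {}
    if "bucketName" in p:
        bucket = f"arn:aws:s3:::{p['bucketName']}"
        return bucket + "/*" if "key" in p else bucket
    return EC2_TEMPLATE

def build_policy(events):
    """Group logged actions per resource template and add dependent permissions."""
    grouped = defaultdict(set)  # resource template -> set of IAM actions
    for ev in events:
        action, res = iam_action(ev), resource_template(ev)
        grouped[res].add(action)
        bucket = (ev.get("requestParameters") or {}).get("bucketName", "")
        for dep_action, dep_res in DEPENDENCIES.get(action, []):
            grouped[dep_res.format(bucket=bucket)].add(dep_action)
    statements = [{"Effect": "Allow", "Action": sorted(acts), "Resource": res}
                  for res, acts in sorted(grouped.items())]
    return {"Version": "2012-10-17", "Statement": statements}

if __name__ == "__main__":
    print(json.dumps(build_policy(EVENTS), indent=2))
```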

Cite this article
[IEEE Style]
최유정, 김지윤, 박현준, 차원제, 김태양, 신예지, "Template-Based Database Design and Validation for Dynamic Least Privilege Policy Generation in AWS," Journal of The Korea Institute of Information Security and Cryptology, vol. 35, no. 3, pp. 493-504, 2025. DOI: 10.13089/JKIISC.2025.35.3.493.

[ACM Style]
최유정, 김지윤, 박현준, 차원제, 김태양, and 신예지. 2025. Template-Based Database Design and Validation for Dynamic Least Privilege Policy Generation in AWS. Journal of The Korea Institute of Information Security and Cryptology, 35, 3, (2025), 493-504. DOI: 10.13089/JKIISC.2025.35.3.493.