Scalable Privilege Analysis for Multi-Cloud Big Data Platforms: A Hypergraph Approach

TL;DR

This paper introduces a hypergraph-based privilege analysis framework for multi-cloud platforms, significantly improving scalability and detection speed over traditional methods, enabling real-time security assessments.

Contribution

It presents a novel hypergraph model integrating NGAC for scalable privilege analysis, reducing complexity from cubic to sub-linear, and demonstrates practical effectiveness on large AWS environments.

Findings

Achieves 10x faster privilege detection than ABAC

Reduces complexity from O(n^3) to O(sqrt n)

Enables sub-second privilege vulnerability detection

Abstract

The rapid adoption of multi-cloud environments has amplified risks associated with privileged access mismanagement. Traditional Privileged Access Management (PAM) solutions based on Attribute-Based Access Control (ABAC) exhibit cubic O(n^3) complexity, rendering real-time privilege analysis intractable at enterprise scale. We present a novel PAM framework integrating NIST's Next Generation Access Control (NGAC) with hypergraph semantics to address this scalability crisis. Our approach leverages hypergraphs with labeled hyperedges to model complex, multi-dimensional privilege relationships, achieving sub-linear O(sqrt n) traversal complexity and O(nlogn) detection time-rigorously proven through formal complexity analysis. We introduce a 3-Dimensional Privilege Analysis framework encompassing Attack Surface, Attack Window, and Attack Identity to systematically identify privilege vulnerabilities. Experimental validation on AWS-based systems with 200-4000 users demonstrates 10x improvement over ABAC and 4x improvement over standard NGAC-DAG, enabling sub-second privilege detection at scale. Real-world use cases validate detection of privilege escalation chains, over-privileged users, and lateral movement pathways in multi-cloud infrastructures.