Access control policies are vital for securing modern cloud computing, where organizations must manage access to sensitive data across thousands of users in distributed system settings. Cloud administrators typically write and update policies manually, which can be an error-prone and time-consuming process and can potentially lead to security vulnerabilities. Existing approaches based on symbolic analysis have demonstrated success in automated debugging and repairing access control policies; however, their generalizability is limited in the context of cloud-based access control. Conversely, Large Language Models (LLMs) have been utilized for automated program repair; however, their applicability to repairing cloud access control policies remains unexplored. In this work, we introduce CloudFix, the first automated policy repair framework for cloud access control that combines formal methods with LLMs. Given an access control policy and a specification of allowed and denied access requests, CloudFix employs Formal Methods-based Fault Localization to identify faulty statements in the policy and leverages LLMs to generate potential repairs, which are then verified using SMT solvers. To evaluate CloudFix, we curated a dataset of 282 real-world AWS access control policies extracted from forum posts and augmented them with synthetically generated request sets based on real scenarios. Our experimental results show that CloudFix improves repair accuracy over a Baseline implementation across varying request sizes. Our work is the first to leverage LLMs for policy repair, showcasing the effectiveness of LLMs for access control and enabling efficient and automated repair of cloud access control policies. We make our tool CloudFix and the AWS dataset publicly available.
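The repair problem described above takes a policy plus sets of requests that must be allowed and denied. The sketch below is an added illustration, not CloudFix code and not taken from the paper: it checks a constructed AWS-style policy against such a specification, points at the statements responsible for each violation, and re-checks a candidate repair. It assumes a reduced policy model (only `Effect`, `Action`, `Resource`, no conditions or principals) and enumerates concrete requests instead of using an SMT solver; all names and sample values are hypothetical.

```python
import copy, re

def _match(pattern, value, ignore_case=False):
    # IAM wildcards: '*' matches any run of characters, '?' exactly one.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, re.I if ignore_case else 0) is not None

def _as_list(x):
    return x if isinstance(x, list) else [x]

def matching(policy, action, resource):
    """Indices of statements whose Action and Resource both match the request."""
    return [i for i, s in enumerate(policy["Statement"])
            if any(_match(a, action, True) for a in _as_list(s["Action"]))
            and any(_match(r, resource) for r in _as_list(s["Resource"]))]

def decide(policy, action, resource):
    effects = {policy["Statement"][i]["Effect"] for i in matching(policy, action, resource)}
    # Explicit Deny overrides Allow; no matching statement is an implicit deny.
    return "Allow" if effects == {"Allow"} else "Deny"

def localize(policy, must_allow, must_deny):
    """Map each violated request to the statement indices responsible for it."""
    faults = {}
    for req in must_deny:
        if decide(policy, *req) == "Allow":
            faults[req] = matching(policy, *req)      # over-permissive Allow(s)
    for req in must_allow:
        if decide(policy, *req) == "Deny":
            hits = matching(policy, *req)             # [] means no Allow grants it
            faults[req] = [i for i in hits if policy["Statement"][i]["Effect"] == "Deny"]
    return faults

# Constructed sample policy and request specification (not from the dataset).
POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "arn:aws:s3:::reports/*"},
    {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::public/*"}]}
MUST_ALLOW = [("s3:GetObject", "arn:aws:s3:::reports/q1.csv"),
              ("s3:GetObject", "arn:aws:s3:::public/logo.png")]
MUST_DENY = [("s3:DeleteObject", "arn:aws:s3:::reports/q1.csv")]

# Hypothetical candidate repair: narrow the wildcard action in statement 0.
REPAIRED = copy.deepcopy(POLICY)
REPAIRED["Statement"][0]["Action"] = ["s3:GetObject", "s3:PutObject"]

if __name__ == "__main__":
    print("faults before repair:", localize(POLICY, MUST_ALLOW, MUST_DENY))
    print("faults after repair: ", localize(REPAIRED, MUST_ALLOW, MUST_DENY))
```

An empty result from `localize` means the candidate satisfies every request in the specification; it says nothing about requests outside the enumerated sets, which is the gap a solver-based check closes.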