Game to Dethrone: A Least Privilege CTF

Authors

Wenjing Wu, Portland State UniversityFollow
Wu-chang Feng, Portland State UniversityFollow

Published In

2021 IEEE 6th International Conference on Smart Cloud (smartcloud)

Document Type

Citation

Publication Date

11-2021

Abstract

Identity and Access Management (IAM) misconfiguration is one of the most critical threats to the security of cloud environments. As more infrastructure is being migrated to the cloud, the importance of following the principle of least privilege (PoLP) to mitigate security risks has significantly increased. Unfortunately, the mechanisms provided for doing so in the cloud are complex and substantially different than traditional legacy infrastructure. As a result, the number of practitioners that know how to secure cloud projects is insufficient compared to the number of cloud projects being deployed. To address the issue, this paper describes a Least Privilege CTF, a series of exercises that allows practitioners to practice applying least privileges on cloud deployments that are easily deployed with minimal cost.

Rights

Copyright 2021 IEEE - All rights reserved.

Locate the Document

https://doi.org/10.1109/SmartCloud52277.2021.00030

DOI

10.1109/SmartCloud52277.2021.00030

Persistent Identifier

https://archives.pdx.edu/ds/psu/36833

Publisher

IEEE

Citation Details

Wu, W., & Feng, W.-chang. (2021). Game to Dethrone: A Least Privilege CTF. Institute of Electrical and Electronics Engineers (IEEE). https://doi.org/10.1109/smartcloud52277.2021.00030