English

Scalable Privilege Analysis for Multi-Cloud Big Data Platforms: A Hypergraph Approach

Cryptography and Security 2025-11-21 v1

Abstract

The rapid adoption of multi-cloud environments has amplified risks associated with privileged access mismanagement. Traditional Privileged Access Management (PAM) solutions based on Attribute-Based Access Control (ABAC) exhibit cubic O(n^3) complexity, rendering real-time privilege analysis intractable at enterprise scale. We present a novel PAM framework integrating NIST's Next Generation Access Control (NGAC) with hypergraph semantics to address this scalability crisis. Our approach leverages hypergraphs with labeled hyperedges to model complex, multi-dimensional privilege relationships, achieving sub-linear O(sqrt n) traversal complexity and O(nlogn) detection time-rigorously proven through formal complexity analysis. We introduce a 3-Dimensional Privilege Analysis framework encompassing Attack Surface, Attack Window, and Attack Identity to systematically identify privilege vulnerabilities. Experimental validation on AWS-based systems with 200-4000 users demonstrates 10x improvement over ABAC and 4x improvement over standard NGAC-DAG, enabling sub-second privilege detection at scale. Real-world use cases validate detection of privilege escalation chains, over-privileged users, and lateral movement pathways in multi-cloud infrastructures.

Keywords

Cite

@article{arxiv.2511.15837,
  title  = {Scalable Privilege Analysis for Multi-Cloud Big Data Platforms: A Hypergraph Approach},
  author = {Sai Sitharaman and Hassan Karim and Deepti Gupta and Mudit Tyagi},
  journal= {arXiv preprint arXiv:2511.15837},
  year   = {2025}
}
R2 v1 2026-07-01T07:46:07.747Z