# Cloud-IAM-Trust-Simulator

Static reasoning framework for modeling identity trust transitivity and boundary violations in cloud IAM systems.

## Executive Summary

Cloud-IAM-Trust-Simulator is a static security reasoning framework designed to model and explain implicit trust relationships in cloud Identity and Access Management (IAM) systems, with a focus on Google Cloud.
Instead of detecting exploits or scanning live environments, this project analyzes identity composition logic: how legitimate IAM features, each valid on its own, can be combined in ways that unintentionally cross security boundaries.

The goal is to help security researchers, architects, and auditors understand why a given IAM design is risky before it is abused in practice. The repository exists to improve the quality of responsible disclosure reports, architectural reviews, and cloud security education.
## What This Project Is NOT

This repository is intentionally not:

- An exploit framework or vulnerability scanner
- A misconfiguration detection tool
- A penetration testing utility

It does not perform:

- Network requests or metadata server access
- Token generation or privilege escalation
- Live environment interaction

No code in this repository can be used to gain access to cloud resources.
## What This Project IS

This project is a:

- **Static identity reasoning framework:** aligned with the IPPI (Identity Privilege Path Identification) methodology.
- **Design-level IAM analysis tool:** focuses on structural flaws rather than transient bugs.
- **Non-executable proof generator:** produces logical artifacts suitable for research and audits.

It models and explains:

- Identity transitivity and implicit trust relationships
- Confused Deputy risks
- IAM boundary violations at an architectural level

The output of this tool is logic and explanation, not access.
## Core Concept: Identity Trust Transitivity

Modern cloud IAM systems allow identities to interact in complex ways. While each individual permission may be valid in isolation, their composition can create unintended privilege paths: if A may act as B, and B may act as C, then A effectively holds C's permissions even though no grant ever says so.

### IPPI Methodology Application

The simulator evaluates whether identity transitions violate security invariants such as:

- **Least Privilege:** an identity holds no more permissions, directly or through the identities it can act as, than its task requires.
- **Explicit Trust:** every identity a principal can act as is deliberately granted and documented, never an accidental side effect of another grant.
- **Non-Transitive Authorization:** the ability to act as another identity must not silently carry that identity's own delegations further down the chain.
## Research Capabilities

- **Identity Modeling:** simulate abstract identity flows without executing them.
- **Invariant Checking:** verify whether identity transitions violate design-level security rules.
- **Confused Deputy Simulation:** model scenarios where delegated trust exceeds documented intent.
- **Non-Executable Proofs:** produce reasoning artifacts suitable for professional VRP submissions.
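The following Python is an added example, not code from this repository or its `simulator.py`; it shows the kind of static reasoning the Core Concept section and the capabilities above describe, on an in-memory model and with no cloud interaction. The scenario, its JSON-like shape, the `documented_trust` and `sensitive` fields and all function names are assumptions of this example and not the project's `logic_models/` schema; the role names are real Google Cloud roles used here only as opaque edge labels.

```python
"""Static identity-trust reasoning over a constructed IAM scenario.

Nothing here contacts a cloud API; the input is an in-memory model and the
output is a list of invariant violations plus a text proof artifact.
"""
from collections import deque

# Constructed scenario for this example. Its shape is an assumption and is not
# the schema of the project's logic_models/ files. Mechanism labels reuse real
# Google Cloud role names, but the reasoning treats them as opaque strings.
SCENARIO = {
    # (principal, mechanism, target): principal can obtain target's identity.
    "trust_edges": [
        ("user:dev@example.com", "roles/iam.serviceAccountTokenCreator", "sa:ci-builder"),
        ("sa:ci-builder", "roles/iam.serviceAccountUser", "sa:deployer"),
    ],
    # Direct grants, each of which is valid in isolation.
    "grants": {
        "user:dev@example.com": {"storage.objects.get"},
        "sa:ci-builder": {"cloudbuild.builds.create"},
        "sa:deployer": {"resourcemanager.projects.setIamPolicy"},
    },
    # Documented intent (assumed): whom each principal is meant to act as, and
    # which identities are meant to hold each sensitive permission.
    "documented_trust": {"user:dev@example.com": {"sa:ci-builder"}, "sa:ci-builder": set()},
    "sensitive": {"resourcemanager.projects.setIamPolicy": {"sa:deployer"}},
}


def trust_paths(scenario, principal):
    """Map each identity reachable from principal to the shortest edge path (BFS)."""
    paths, queue = {}, deque([(principal, [])])
    while queue:
        ident, path = queue.popleft()
        for edge in scenario["trust_edges"]:
            src, _mech, dst = edge
            if src == ident and dst != principal and dst not in paths:
                paths[dst] = path + [edge]
                queue.append((dst, paths[dst]))
    return paths


def effective_permissions(scenario, principal):
    """Direct grants plus the grants of every identity the principal can act as."""
    perms = set(scenario["grants"].get(principal, set()))
    for target in trust_paths(scenario, principal):
        perms |= scenario["grants"].get(target, set())
    return perms


def check_invariants(scenario):
    """Return one (invariant, principal, hops, explanation) tuple per violation."""
    findings = []
    for p in sorted({src for src, _, _ in scenario["trust_edges"]}):
        documented = scenario["documented_trust"].get(p, set())
        for target, path in trust_paths(scenario, p).items():
            hops = [f"{s} -[{m}]-> {d}" for s, m, d in path]
            if target not in documented:
                findings.append(("Explicit Trust", p, hops,
                                 f"{p} can act as {target}, which no documented trust covers."))
            if len(path) >= 2:
                findings.append(("Non-Transitive Authorization", p, hops,
                                 f"{p} reaches {target} only by chaining {len(path)} trust grants."))
                deputy = path[0][2]  # first hop: the identity p legitimately invokes
                if deputy in documented and target not in documented:
                    findings.append(("Confused Deputy", p, hops,
                                     f"{deputy} is a documented deputy for {p}, but its own "
                                     f"trust in {target} is now exercised on {p}'s behalf."))
        gained = effective_permissions(scenario, p) - scenario["grants"].get(p, set())
        for perm, holders in scenario["sensitive"].items():
            if perm in gained and p not in holders:
                findings.append(("Least Privilege", p, [],
                                 f"{p} effectively holds {perm}, intended only for {sorted(holders)}."))
    return findings


def render_proof(findings):
    """Render findings as a non-executable, human-readable proof artifact."""
    lines = []
    for invariant, principal, hops, why in findings:
        lines.append(f"[{invariant}] principal={principal}")
        lines.extend(f"    step {i}: {hop}" for i, hop in enumerate(hops, 1))
        lines.append(f"    conclusion: {why}")
    return "\n".join(lines) if lines else "no invariant violations"


if __name__ == "__main__":
    print(render_proof(check_invariants(SCENARIO)))
```

Running the module prints the proof for the constructed scenario: `user:dev@example.com` is documented to act as `sa:ci-builder` only, yet the builder's own ability to act as `sa:deployer` hands the developer `resourcemanager.projects.setIamPolicy` two hops away. Dropping the second trust edge (or documenting it deliberately) makes `check_invariants` return an empty list, which is the design change such an analysis argues for. Every check is purely structural over the model; no tokens are minted and no API is called.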
## Intended Use Cases

- Writing high-quality Google VRP reports
- Cloud IAM architecture reviews
- Security education and training
- Explaining IAM risks to non-security stakeholders

## Legal, Ethical & VRP Compliance

This project is built to comply with responsible disclosure standards. It avoids all exploit primitives, performs no live testing, and encourages direct reporting to vendors. If you discover a real, functional vulnerability using the reasoning models provided here, report it responsibly via the appropriate vendor channels.
## Repository Structure

```
Cloud-IAM-Trust-Simulator/
├── README.md        # This document
├── SECURITY.md      # Responsible disclosure policy
├── simulator.py     # Static reasoning engine
├── logic_models/    # Abstract IAM logic scenarios (JSON)
└── LICENSE          # Apache License 2.0
```

## Philosophy

This project does not show how to break systems. It shows why systems break when trust is composed incorrectly. Instead of writing exploits, it builds mental models based on the IPPI framework.

## License

This project is licensed under the Apache License 2.0.

**Author:** Panagiotis Ntinas (panoskoufodinas-tech)
**Focus:** Cloud IAM / Identity Security / Trust Modeling
**Status:** White Hat Research & Education