CIMA (Cloud IAM Misconfiguration Auditor) is a locally hosted, AI-driven web application designed to audit and analyze Identity and Access Management (IAM) policies for AWS, GCP, and Azure.
This project was developed as a Final Year Project for the Bachelor of Science (Honours) in Advanced Networking and Cyber Security at Brainware University.
- Inspiration & Problem Statement
- How It Works
- Key Features
- Architecture
- MITRE ATT&CK Mapping
- Performance Benchmarks
- Installation & Usage
- Technology Stack
- Authors
The Problem: In the age of multi-cloud infrastructure, IAM represents the new perimeter. However, misconfigurations—such as excessive permissions, wildcard usage, and improper role bindings—remain the leading cause of cloud data breaches (Gartner, 2023). Manual auditing of JSON/YAML policies across AWS, Azure, and GCP is time-consuming, error-prone, and requires deep expertise in each platform's distinct syntax.
The Solution: CIMA democratizes cloud security by providing a lightweight, AI-powered auditor that runs offline. It leverages Large Language Models (LLMs) to understand the semantics of a policy, not just the syntax, allowing it to detect complex risks like privilege escalation paths that static tools miss.
CIMA acts as a chat-based security consultant. You can paste an IAM policy, and CIMA will:
- Analyze: Parse the JSON structure and identify the Cloud Provider (AWS/GCP/Azure).
- Detect: Use LLM reasoning to find risks (e.g.,
AdministratorAccess,iam:PassRole, Public S3 Buckets). - Map: Correlate findings with security standards and MITRE ATT&CK tactics.
- Remediate: Generate a secure, least-privilege version of the policy.
- Multi-Cloud Support: Analyzes policies from AWS (JSON), GCP (Bindings), and Azure (RBAC).
- Privacy-First AI: Powered by local LLMs (Llama 3.1, Mistral, Gemma) via Ollama. No data leaves your machine.
- Interactive Chat UI: A modern, ChatGPT-like interface with Dark/Light mode support.
- Structured Analysis: Returns findings in standard JSON format with Severity ratings (High/Medium/Low).
- Export Reports: Download your audit session for compliance reporting.
CIMA is architected as a three-tier system:
- Frontend: A responsive Web UI built with HTML5, CSS3, and JavaScript, ensuring a smooth chat experience.
- Backend: A Flask (Python) server that handles request routing, session management, and prompt engineering.
- AI Engine: Ollama running locally, serving open-weight models like Llama 3.1 to perform high-fidelity inference without API costs.
Figure 1: High-Level System Architecture connecting Frontend, Flask API, and Ollama AI Engine.
Figure 2: Component Interaction Flow - Detailed Structure.
The modern, dark-themed interface invites users to start auditing immediately.
Seamlessly switch between Light and Dark modes for comfortable viewing.
| Light Mode | Dark Mode |
|---|---|
 |
 |
CIMA identifies risks and provides JSON-formatted remediation steps.
CIMA maps detected misconfigurations to real-world threat tactics:
| Risk Type | MITRE Tactic | ID | Description |
|---|---|---|---|
| Wildcard Permissions | Privilege Escalation | T1078 |
Overly broad permissions allowing unintended access. |
| PassRole Abuse | Lateral Movement | T1548 |
Attackers passing roles to services to escalate privileges. |
| Public Exposure | Exfiltration | T1537 |
Misconfigured storage (S3/Blob) accessible to the public. |
| Unused Keys | Credential Access | T1552 |
Dormant keys increasing attack surface. |
We rigorously tested CIMA against 50 Real-World Scenarios.
| Metric | Score | Notes |
|---|---|---|
| Risk Detection Accuracy | 92% | Llama 3.1 consistently flagged high-risk configurations. |
| Provider Detection | 100% | Correctly identified AWS vs GCP vs Azure syntax. |
| Average Latency | < 4s | On standard hardware using quantized models. |
(Detailed benchmarks available in the project report)
# 1. Clone the repo
git clone https://github.com/Alpha-Soumen/CIMA-Cloud-IAM-Assistant.git
cd CIMA-Cloud-IAM-Assistant
# 2. Install dependencies
pip install -r requirements.txt
# 3. Run the app
python app.pyPro Tip: Windows users can simply run
.\run.ps1to auto-start everything!
Access the app at: http://127.0.0.1:5000
- Language: Python 3.9
- Web Framework: Flask 2.0+
- Frontend: HTML5, Vanilla JS, Jinja2
- LLM Runtime: Ollama (Llama 3.1)
- Styling: Custom CSS (Dark/Light Themes)
Department of Cyber Science & Technology
Brainware University (December 2025)
Soumen Bhunia
Biswajit Pal
Ananya Dutta
This project is open-source and available under the MIT License.