Manually writing and maintaining cloud access control policies is error-prone and introduces severe security risks. To address the limitations of existing symbolic analysis approaches—namely, poor generalizability—and the absence of large language model (LLM) applications in this domain, this paper proposes CloudFix, the first automated policy repair framework that synergistically integrates formal methods with LLMs. Our approach leverages LLMs for semantic understanding and candidate generation, augments them with formal fault localization and SMT-based semantic verification for explainable and formally verifiable end-to-end repair, and incorporates AWS-specific policy parsing and synthetic request generation. Evaluated on a dataset of 282 real-world AWS policies, CloudFix achieves significantly higher repair accuracy than state-of-the-art baselines. We publicly release both the tool and dataset to support reproducible research and industrial adoption.

Access control policies are vital for securing modern cloud computing, where organizations must manage access to sensitive data across thousands of users in distributed system settings. Cloud administrators typically write and update policies manually, which can be an error-prone and time-consuming process and can potentially lead to security vulnerabilities. Existing approaches based on symbolic analysis have demon- strated success in automated debugging and repairing access control policies; however, their generalizability is limited in the context of cloud-based access control. Conversely, Large Language Models (LLMs) have been utilized for automated program repair; however, their applicability to repairing cloud access control policies remains unexplored. In this work, we introduce CloudFix, the first automated policy repair framework for cloud access control that combines formal methods with LLMs. Given an access control policy and a specification of allowed and denied access requests, CloudFix employs Formal Methods-based Fault Localization to identify faulty statements in the policy and leverages LLMs to generate potential repairs, which are then verified using SMT solvers. To evaluate CloudFix, we curated a dataset of 282 real-world AWS access control policies extracted from forum posts and augmented them with synthetically generated request sets based on real scenarios. Our experimental results show that CloudFix improves repair accuracy over a Baseline implementation across varying request sizes. Our work is the first to leverage LLMs for policy repair, showcasing the effectiveness of LLMs for access control and enabling efficient and automated repair of cloud access control policies. We make our tool Cloudfix and AWS dataset publicly available.