Understanding policy intent and misconfigurations from implementations: consistency and convergence
نویسندگان
چکیده
We study the problem of inferring policy intent to identify misconfigurations in access control implementations. This is in contrast to traditional role-mining techniques, which focus on creating better abstractions for access control management. We show how raw metadata can be summarized effectively, by grouping together users with similar permissions over shared resources. Using these summary statements, we apply statistical techniques to detect outliers, which we classify as security and accessibility misconfigurations. Specifically, we show how our techniques for mining policy intent are robust, and have strong consistency and convergence guarantees.
منابع مشابه
The new implicit finite difference method for the solution of time fractional advection-dispersion equation
In this paper, a numerical solution of time fractional advection-dispersion equations are presented.The new implicit nite dierence methods for solving these equations are studied. We examinepractical numerical methods to solve a class of initial-boundary value fractional partial dierentialequations with variable coecients on a nite domain. Stability, consistency, and (therefore) convergenceof t...
متن کاملReduction-Based Formal Analysis of BGP Instances
Today’s Internet interdomain routing protocol, the Border Gateway Protocol (BGP), is increasingly complicated and fragile due to policy misconfigurations by individual autonomous systems (ASes). These misconfigurations are often difficult to manually diagnose beyond a small number of nodes due to the state explosion problem. To aid the diagnosis of potential anomalies, researchers have develope...
متن کاملConvergence, Consistency and Stability in Fuzzy Differential Equations
In this paper, we consider First-order fuzzy differential equations with initial value conditions. The convergence, consistency and stability of difference method for approximating the solution of fuzzy differential equations involving generalized H-differentiability, are studied. Then the local truncation error is defined and sufficient conditions for convergence, consistency and stability of ...
متن کاملAchieving a “Grand Convergence” in Global Health by 2035: Rwanda Shows the Way; Comment on “Improving the World’s Health Through the Post-2015 Development Agenda: Perspectives From Rwanda”
Global Health 2035, the report of The Lancet Commission on Investing in Health, laid out a bold, highly ambitious framework for making rapid progress in improving global public health outcomes. It showed that with the right health investments, the international community could achieve a “grand convergence” in global health—a reduction in avertable infectious, maternal, and child deaths down to ...
متن کاملExtended Geometric Processes: Semiparametric Estimation and Application to ReliabilityImperfect repair, Markov renewal equation, replacement policy
Lam (2007) introduces a generalization of renewal processes named Geometric processes, where inter-arrival times are independent and identically distributed up to a multiplicative scale parameter, in a geometric fashion. We here envision a more general scaling, not necessar- ily geometric. The corresponding counting process is named Extended Geometric Process (EGP). Semiparametric estimates are...
متن کامل