Saved in:
| Main Author: | |
|---|---|
| Format: | Recurso digital |
| Language: | |
| Published: |
Zenodo
2026
|
| Online Access: | https://doi.org/10.5281/zenodo.18768824 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1866901266207080448 |
|---|---|
| author | Parisel, Christophe |
| author_facet | Parisel, Christophe |
| contents | <p>Non-human identities (NHIs) in cloud environments may form strongly connected components (SCCs) that defeat existing automated policy analysis tools and require costly manual review. We introduce the primorial invariant: a canonical encoding of SCC cycle structure that enables automated classification of cyclic privilege patterns into three actionable categories: reduction (benign cycles that can be collapsed), fusion (structurally equivalent cycles that share a single analyst decision), and fusion-reduction (approximate variants that can be jointly reviewed and simplified). Unlike attack-graph or black-box learning approaches, the method is lightweight, tolerant to bounded collisions, and designed explicitly for operational scalability rather than perfect discrimination.</p> |
| format | Recurso digital |
| id | zenodo_https___doi_org_10_5281_zenodo_18768824 |
| institution | Zenodo |
| language | |
| publishDate | 2026 |
| publisher | Zenodo |
| record_format | zenodo |
| spellingShingle | A Prime-Factorization Invariant for Classifying Cyclic Privilege Escalation in Cloud IAM Parisel, Christophe <p>Non-human identities (NHIs) in cloud environments may form strongly connected components (SCCs) that defeat existing automated policy analysis tools and require costly manual review. We introduce the primorial invariant: a canonical encoding of SCC cycle structure that enables automated classification of cyclic privilege patterns into three actionable categories: reduction (benign cycles that can be collapsed), fusion (structurally equivalent cycles that share a single analyst decision), and fusion-reduction (approximate variants that can be jointly reviewed and simplified). Unlike attack-graph or black-box learning approaches, the method is lightweight, tolerant to bounded collisions, and designed explicitly for operational scalability rather than perfect discrimination.</p> |
| title | A Prime-Factorization Invariant for Classifying Cyclic Privilege Escalation in Cloud IAM |
| url | https://doi.org/10.5281/zenodo.18768824 |