Saved in:
Bibliographic Details
Main Author: Parisel, Christophe
Format: Recurso digital
Language:
Published: Zenodo 2026
Online Access:https://doi.org/10.5281/zenodo.18768824
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866901266207080448
author Parisel, Christophe
author_facet Parisel, Christophe
contents <p>Non-human identities (NHIs) in cloud environments may form strongly connected components (SCCs) that defeat existing automated policy analysis tools and require costly manual review. We introduce the primorial invariant: a canonical encoding of SCC cycle structure that enables automated classification of cyclic privilege patterns into three actionable categories: reduction (benign cycles that can be collapsed), fusion (structurally equivalent cycles that share a single analyst decision), and fusion-reduction (approximate variants that can be jointly reviewed and simplified). Unlike attack-graph or black-box learning approaches, the method is lightweight, tolerant to bounded collisions, and designed explicitly for operational scalability rather than perfect discrimination.</p>
format Recurso digital
id zenodo_https___doi_org_10_5281_zenodo_18768824
institution Zenodo
language
publishDate 2026
publisher Zenodo
record_format zenodo
spellingShingle A Prime-Factorization Invariant for Classifying Cyclic Privilege Escalation in Cloud IAM
Parisel, Christophe
<p>Non-human identities (NHIs) in cloud environments may form strongly connected components (SCCs) that defeat existing automated policy analysis tools and require costly manual review. We introduce the primorial invariant: a canonical encoding of SCC cycle structure that enables automated classification of cyclic privilege patterns into three actionable categories: reduction (benign cycles that can be collapsed), fusion (structurally equivalent cycles that share a single analyst decision), and fusion-reduction (approximate variants that can be jointly reviewed and simplified). Unlike attack-graph or black-box learning approaches, the method is lightweight, tolerant to bounded collisions, and designed explicitly for operational scalability rather than perfect discrimination.</p>
title A Prime-Factorization Invariant for Classifying Cyclic Privilege Escalation in Cloud IAM
url https://doi.org/10.5281/zenodo.18768824