Microsoft Corporation
METHOD AND SYSTEMS FOR ANALYZING SECURITY COVERAGE OF A SET OF ENTERPRISE ACCESS MANAGEMENT POLICIES

Abstract:

Disclosed in some examples, are methods, systems, and machine-readable mediums for identifying security vulnerabilities across a plurality of access control policies. An administrator of the computing resource may be alerted to these vulnerabilities to allow the administrator to craft a policy, or modify an existing policy, to close these security gaps. In other examples, the system may automatically suggest and/or apply a modification to an existing policy or a new access control policy that closes the security gaps. The vulnerabilities may be determined based upon a comparison of the access control policy criteria in the previously set access control policies and a set of possible values of access control signals to determine access scenarios that are not covered by the access control policies.