Understanding policy intent and misconfigurations from implementations: Consistency and Convergence

  • Prasad Naldurg
  • Ranjita Bhagwan

The 8th International Workshop on Formal Aspects of Security & Trust (FAST2011)

We study the problem of inferring policy intent to identify
misconfigurations in access control implementations. This is in contrast
to traditional role-mining techniques, which focus on creating better
abstractions for access control management. We show how raw metadata
can be summarized effectively, by grouping together users with similar
permissions over shared resources. Using these summary statements, we
apply statistical techniques to detect outliers, which we classify as
security and accessibility misconfigurations. Specifically, we show how our
techniques for mining policy intent are robust, and have strong
consistency and convergence guarantees.