Detecting Privilege Escalation with Temporal Braid Groups

Christophe Parisel

Detecting Privilege Escalation with Temporal Braid Groups

Christophe Parisel

TL;DR

Within the Strongly Connected Components (SCCs) formed during the temporal evolution of a Cloud permission graph, the Burau Lyapunov exponent LE is used as an algebraic probe to locate the boundary between two risks regimes, proving that no Abelian statistic can determine LE.

Abstract

Within the Strongly Connected Components (SCCs) formed during the temporal evolution of a Cloud permission graph, we use the Burau Lyapunov exponent LE as an algebraic probe to locate the boundary between two risks regimes. We prove that no Abelian statistic (edge counts, net privilege flow, gate-firing rates) can determine LE. The non-commutation advantage is small, but actionable: we show how to leverage it to discriminate the two outstanding risk regimes, that we call dispersed and focused, for automating classification and governing remediation of risky Cloud permission flows.

Detecting Privilege Escalation with Temporal Braid Groups

TL;DR

Abstract

Paper Structure (71 sections, 7 theorems, 29 equations, 6 figures, 7 tables)

This paper contains 71 sections, 7 theorems, 29 equations, 6 figures, 7 tables.

Introduction
Contributions.
Background
Strongly connected components
Random walks on graphs and Markov chains
Braid groups
Non-Commutation
The Burau representation
Construction: Permission Braids with Signal Injection
Permission transition graphs and the WAR permission scalar
SCC classification
NHI walkers and strand ordering
Gate condition and braid word injection
The injection word
Adjacent-position cancellation.
...and 56 more sections

Key Result

Proposition 3.4

The Burau matrix at $t = -1$ of $\sigma_i^2 \sigma_{i+1}^{-1}$ has characteristic polynomial with roots $\{1, 2+\sqrt{3}, 2-\sqrt{3}\}$. The dominant eigenvalue is $2 + \sqrt{3} \approx 3.732$.

Figures (6)

Figure 1: Adjacent-position cancellation: $\sigma_i^2 \sigma_{i+1}^{-1} \cdot \sigma_{i+1}^2 \sigma_{i+2}^{-1}$ collapses to a Burau-flat braid with spectral radius $1$.
Figure 2: The injection word $\sigma_1^2\sigma_2^{-1}$ on three strands. Two positive crossings of strands 1--2 followed by one negative crossing of strands 2--3 produce a genuinely non-Abelian braid with SR $= 2+\sqrt{3}$.
Figure 3: SCC 216: 9 directed (solid) and 2 bidirectional edges (paired, 40% opacity). $v_3$ is the directed fan-out hub; $v_2{\leftrightarrow}v_4$ and $v_2{\leftrightarrow}v_5$ are local bidir oscillators.
Figure 4: SCC 207: 10 directed (solid) and 4 bidirectional edges (paired, 40% opacity). $v_1$ is the bidir hub connected to $v_0$, $v_2$, $v_5$; $v_3$ and $v_4$ are directed fan-out sources sharing a bidir link.
Figure 5: SCC 126: 9 directed (solid) and 3 bidirectional edges (paired, 40% opacity). $v_1$ and $v_5$ are dual directed sources; $v_4$ is the bidir hub.
...and 1 more figures

Theorems & Definitions (27)

Definition 3.1: Directed WAR flow
Definition 3.2: Gate condition
Definition 3.3: Permission braid with word injection
Proposition 3.4: Spectral radius of the injection word
proof : Proof sketch
Definition 4.1: Unreduced Burau representation
Definition 4.2: Lyapunov exponent
Definition 4.3: $T$-scaling ratio
Definition 4.4: $k$-hub SCC
Definition 4.5: Spoke-covered $k$-hub SCC
...and 17 more

Detecting Privilege Escalation with Temporal Braid Groups

TL;DR

Abstract

Detecting Privilege Escalation with Temporal Braid Groups

Authors

TL;DR

Abstract

Table of Contents

Key Result

Figures (6)

Theorems & Definitions (27)