{"ID":3005053,"CreatedAt":"2026-06-03T03:09:48.883664427Z","UpdatedAt":"2026-06-05T07:50:16.0004273Z","DeletedAt":null,"paper_url":"https://arxiv.org/abs/2606.03289","arxiv_id":"2606.03289","title":"Privilege Risk Evolution for Non-Human Identities: A Temporal Fiber Model for Cloud IAM","abstract":"Cloud permission governance implicitly treats permission equivalence as a static relation. We show that for non-human identities (NHIs), equivalence has two irreducible components: structural equivalence, capturing identical permission profiles at a snapshot via graph fibration, and temporal equivalence, capturing recurring permission states via strongly connected components (SCCs) in a fiber transition graph. We call the equivalence classes under temporal equivalence privilege circuits. We formalize a three-layer framework: (1) a spatial quotient of the permission graph via fibration, (2) a lineage partition organizing stable transition compartments, (3) windowed SCC analysis as a temporal quotient within lineages. Empirical evaluation on a large Azure tenant supports the framework. Backtesting demonstrates that early observation of ratchet-type privilege circuits predicts long-term structural stability.","short_abstract":"Cloud permission governance implicitly treats permission equivalence as a static relation. We show that for non-human identities (NHIs), equivalence has two irreducible components: structural equivalence, capturing identical permission profiles at a snapshot via graph fibration, and temporal equivalence, capturing recu...","url_abs":"https://arxiv.org/abs/2606.03289","url_pdf":"https://arxiv.org/pdf/2606.03289v1","authors":"[\"Christophe Parisel\"]","published":"2026-06-02T07:52:01Z","proceeding":"cs.CR","tasks":"[\"cs.CR\"]","methods":"[\"Generative Adversarial Network\"]","has_code":false}