One Article Review
| Source |  GoogleSec |
|---|---|
| Identifiant | 8393959 |
| Date de publication | 2023-10-10 15:39:40 (vue: 2023-10-10 21:07:17) |
| Titre | Échelle au-delà ducorp avec les politiques de contrôle d'accès assistées par l'IA Scaling BeyondCorp with AI-Assisted Access Control Policies |
| Texte | Ayush Khandelwal, Software Engineer, Michael Torres, Security Engineer, Hemil Patel, Technical Product Expert, Sameer Ladiwala, Software EngineerIn July 2023, four Googlers from the Enterprise Security and Access Security organizations developed a tool that aimed at revolutionizing the way Googlers interact with Access Control Lists - SpeakACL. This tool, awarded the Gold Prize during Google\'s internal Security & AI Hackathon, allows developers to create or modify security policies using simple English instructions rather than having to learn system-specific syntax or complex security principles. This can save security and product teams hours of time and effort, while helping to protect the information of their users by encouraging the reduction of permitted access by adhering to the principle of least privilege.Access Control Policies in BeyondCorpGoogle requires developers and owners of enterprise applications to define their own access control policies, as described in BeyondCorp: The Access Proxy. We have invested in reducing the difficulty of self-service ACL and ACL test creation to encourage these service owners to define least privilege access control policies. However, it is still challenging to concisely transform their intent into the language acceptable to the access control engine. Additional complexity is added by the variety of engines, and corresponding policy definition languages that target different access control domains (i.e. websites, networks, RPC servers).To adequately implement an access control policy, service developers are expected to learn various policy definition languages and their associated syntax, in addition to sufficiently understanding security concepts. As this takes time away from core developer work, it is not the most efficient use of developer time. A solution was required to remove these challenges so developers can focus on building innovative tools and products.Making it WorkWe built a prototype interface for interactively defining and modifying access control policies for the |
| Envoyé | Oui |
| Condensat | automated manual software with 2023 ability acceptable access accurate achieved acl acls across adapted added adding addition additional adequately adhered adhering adjusting agent aimed all allowed allows also always any applications approach are assessed assessment assisted associated autonomy awarded away ayush beyondcorp beyondcorp: beyondcorpgoogle both break building built can chain challenges challenging change changes checks colab combined commitment complex complexity compliance concepts concisely conservative context continue control core correct corresponding create created creation crucial curated cutting data dataset define defining definition described designed develop developed developer developers different difficulty disclosure diverse does domains during ease edge efficiency efficient effort encourage encouraging engine engineer engineerin engineers engines english ensure enterprise examples exist existing expected expert fine focus four from futurewhile generate generation give gold google googlers guidelines hackathon hand has have having helping hemil highest highly hours however implement impressive improve industry information infrastructure injections innovative instructions integration intent interact interactively interface internal invested its july khandelwal labeled ladiwala landscape language languages large leaking learn learning least level leveraging lgtm linting lists llm looking low make making managed michael model modifications:request modify modifying most navigating networks not occurs ongoing organizations other outputs own owners palm parameters patel performed performing permit permitted policies policy potential powered principle principles prioritize privilege prize produced product products progress prompt proposed protect prototype provide provided proxy rather recommended reducing reduction reflects relevant remove required requires review revolutionize revolutionizing risk rpc safe safeguards safety sameer save scaling security self semantically sensitive servers service shot simple software solution speakacl specific sufficiently supply sure syntactically syntax system take takes target task teammate teams technical test tests than these time tool tools torres transform tuning understanding unexpected unit use used users using variable variety various verify vulnerabilities way websites which work workwe |
| Tags | Tool Vulnerability |
| Stories | |
| Notes | ★★★ |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.