| CPC H04L 63/20 (2013.01) [H04L 41/145 (2013.01)] | 20 Claims |
|
1. A system to prevent multi-step security attacks, comprising:
a storage device; and
a processor device in a network system communicatively coupled to the storage device, wherein the processor device executes application code instructions that are stored in the storage device to cause the system to:
identify features of an identification and access management system operated by a network computing system;
based on the features, create a formal model of the identification and access management system by providing, to the formal model, policies and rules associated with the identification and access management system;
receive input of one or more statuses of a simulated user into a model checker that simulates users in the formal model created for the identification and access management system, the one or more statuses comprising at least a privilege status of the simulated user;
simulate, via the model checker, every first action available to the simulated user, wherein at least one first action associated with an access request escalates the privilege status of the simulated user;
simulate, via the model checker, every available subsequent course of action of the simulated user after simulating each first action, wherein at least one of available subsequent courses of action of the access request is permitted based on an escalated privilege status;
determine, based on simulating a subsequent course of action of the simulated user, that the escalated privilege status results in a security conflict; and
revise identified features of the identification and access management system based on a determination that the escalated privilege status results in the security conflict.
|