公开(公告)号：US20230097770A1

公开(公告)日：2023-03-30

申请号：US17489012

申请日：2021-09-29

Applicant: VMware, Inc.

Inventor： Elena DIMITROVA ,  Georgi LEKOV ,  Radoslav GANKOV ,  Yoana STOYANOVA ,  Ivaylo KIRYAZOV

IPC: H04L29/06

Abstract: The disclosure herein describes monitoring authorization checks and detecting excess authorization privileges and other privilege usage patterns. An authorization check associated with an operation performed during a session in a computing environment is captured and a set of authorization privileges granted to a user of the session is identified. Based on comparison of the authorization privileges to authorization checks including the captured authorization check, excess authorization privileges granted to the user of the session is detected, wherein the excess authorization privileges are a subset of the identified set of authorization privileges. A privilege discrepancy notification based on the detected set of excess authorization privileges is generated. The detected privilege usage patterns described herein are used to improve the efficient use, and increase the security, of resources in the computing system. Further, the time required for authorization processing is reduced through caching of frequent privilege usage patterns.