Baaz: A System for Detecting Access Control Misconfigurations

Maintaining correct access control to shared resources such as file servers, wikis, and databases is an important part of enterprise network management. A combination of many factors, including high rates of churn in organizational roles, policy changes, and dynamic information sharing scenarios, can trigger frequent updates to user permissions, leading to potential inconsistencies. With Baaz, the authors present a distributed system that monitors updates to access control metadata, analyzes this information to alert administrators about potential security and accessibility issues, and recommends suitable changes.