Slide 17
Slide 17 text
@luxas @luxas
Challenge#2: Ensuring correctness
Testing: Unit tests, static analysis, fuzzing, differential testing
Policy Equality: A lot bugs arise when you change/upgrade/refactor
something, and you miss an edge case. Strive for a canonical
representation of your ACL logic, so you can check for equality.
Shadow rollout: Run both new and old policy in production,
enforce old, warn if new yields other results
Preventing Privilege Escalation: How can users be allowed to manage
a subdivision of the authorization state, without escalating their,
or someone else’s privileges?
17