Abstract: Techniques are described herein that are capable of evaluating a result of enforcement of access control policies instead of enforcing the access control policies. For instance, a result of enforcement of an access control policy with regard to sign-in processes is evaluated instead of enforcing the access control policy with regard to the sign-in processes. The evaluation includes monitoring access requests that are received during the sign-in processes. Each access request requests access to a resource. The evaluation further includes comparing attributes of each access request against the access control policy that specifies criteria that are to be satisfied as a prerequisite to granting access to the resource to which access is requested by the respective access request. Metadata associated with the sign-in processes is generated instead of enforcing the access control policy with regard to the sign-in processes.

Abstract: Disclosed in some examples, are methods, systems, and machine-readable mediums for identifying security vulnerabilities across a plurality of access control policies. An administrator of the computing resource may be alerted to these vulnerabilities to allow the administrator to craft a policy, or modify an existing policy, to close these security gaps. In other examples, the system may automatically suggest and/or apply a modification to an existing policy or a new access control policy that closes the security gaps. The vulnerabilities may be determined based upon a comparison of the access control policy criteria in the previously set access control policies and a set of possible values of access control signals to determine access scenarios that are not covered by the access control policies.

Abstract: Techniques are described herein that are capable of selectively authenticating a user using voice recognition and random representations. A credential that is received from an entity is compared to a reference credential associated with a user. The random representations are caused to be displayed to the entity based at least in part on the credential corresponding to the reference credential. Each random representation has a random entropy. A representation of speech of the entity is analyzed to determine whether a voice characterized by the speech corresponds to a voice profile that characterizes a voice of the user and to determine whether the speech includes a verbal identification of each random representation. The user is selectively authenticated based at least in part on whether the voice corresponds to the voice profile and further based at least in part on whether the speech includes the verbal identification of each random representation.

Abstract: Disclosed in some examples, are methods, systems, and machine-readable mediums for identifying security vulnerabilities across a plurality of access control policies. An administrator of the computing resource may be alerted to these vulnerabilities to allow the administrator to craft a policy, or modify an existing policy, to close these security gaps. In other examples, the system may automatically suggest and/or apply a modification to an existing policy or a new access control policy that closes the security gaps. The vulnerabilities may be determined based upon a comparison of the access control policy criteria in the previously set access control policies and a set of possible values of access control signals to determine access scenarios that are not covered by the access control policies.

Abstract: Techniques are described herein that are capable of evaluating a result of enforcement of access control policies instead of enforcing the access control policies. For instance, a result of enforcement of an access control policy with regard to sign-in processes is evaluated instead of enforcing the access control policy with regard to the sign-in processes. The evaluation includes monitoring access requests that are received during the sign-in processes. Each access request requests access to a resource. The evaluation further includes comparing attributes of each access request against the access control policy that specifies criteria that are to be satisfied as a prerequisite to granting access to the resource to which access is requested by the respective access request. Metadata associated with the sign-in processes is generated instead of enforcing the access control policy with regard to the sign-in processes.