Privilege Aggregation and Creep



Privilege aggregation and privilege creep are cause and effect. Here’s my definition:

The privileges granted to a subject accumulate, e.g. because of promotions or rotations over time, to the extent that the aggregation of the privileges exceeds what the subject needs to do his or her duty or violates the security policies.
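The definition above can be turned into an access review check. The following is an added example, not code from the original post: the role names, privilege strings and the separation-of-duties pair are constructed assumptions. It simulates rotations that add privileges without revoking old ones, then reports what exceeds the current role's need and which held combinations violate policy.

```python
from dataclasses import dataclass, field

# Constructed baseline: privileges each role needs (hypothetical names).
ROLE_BASELINE = {
    "helpdesk": {"ticket:read", "ticket:write", "account:unlock"},
    "sysadmin": {"server:login", "server:restart", "backup:run"},
    "auditor": {"log:read", "report:export"},
}
# Constructed policy: privilege pairs one subject must never hold together.
SOD_CONFLICTS = [("server:restart", "log:read")]

@dataclass
class Subject:
    name: str
    current_role: str = ""
    grants: dict = field(default_factory=dict)  # privilege -> role that granted it

def rotate(subject, role):
    """Promotion or rotation: new privileges are added, old ones are not revoked."""
    for priv in ROLE_BASELINE[role]:
        subject.grants.setdefault(priv, role)
    subject.current_role = role

def review(subject, sod_conflicts=SOD_CONFLICTS):
    """Return (excess, violations) for one subject.

    excess: privileges not needed by the current role, mapped to the role
            under which they were originally granted.
    violations: policy pairs the subject holds in full.
    """
    needed = ROLE_BASELINE[subject.current_role]
    excess = {p: r for p, r in subject.grants.items() if p not in needed}
    held = set(subject.grants)
    violations = [pair for pair in sod_conflicts if set(pair) <= held]
    return excess, violations

def build_example():
    """Constructed career path: helpdesk -> sysadmin -> auditor."""
    alice = Subject("alice")
    for role in ("helpdesk", "sysadmin", "auditor"):
        rotate(alice, role)
    return alice

if __name__ == "__main__":
    excess, violations = review(build_example())
    for priv, origin in sorted(excess.items()):
        print(f"revoke {priv} (left over from {origin})")
    for pair in violations:
        print(f"policy violation: holds both {pair[0]} and {pair[1]}")
```
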

Confusion Point

Aggregation and Inference in the Context of Privacy

I treat aggregation as the means and inference as the end. It’s just a process of data collection and reasoning by induction and deduction to reach a conclusion.

Example: Aggregation Scam

Access Control Terminologies


An attribute or set of attributes that uniquely describe a subject within a given context.
NIST SP 800-63-3 under Identity


An active entity, generally in the form of a person, process, or device, that causes information to flow among objects or changes the system state.
NIST SP 800-33


A right granted to an individual, a program, or a process.
NIST SP 800-12 Rev. 1 under Privilege (CNSSI 4009)


Authorization to perform some action on a system.


The right or a permission that is granted to a system entity to access a system resource.
NIST SP 800-82 Rev. 2 under Authorization (RFC 4949)

The process of initially establishing access privileges of an individual and subsequently verifying the acceptability of a request for access.
NISTIR 4734 under Authorization


Something that you have a right to do or have, or the right to do or have something.
Cambridge Dictionary
