Let's get started. Of course I say that, and before we actually dive into the course, we have a guest speaker who is going to tell you about a super cool security event this weekend.

Hi everybody, my name is Anthony Coon. I'm running the double event program. Have you guys heard about it? Anybody, raise your hand? We ran it last year. We have four different events. Now I've been hired on full-time just to direct some hackathons for NCU engineering students. We've got a pretty cool one coming up this weekend that you all should be interested in. The theme is cyber security. It's a weekend event that starts on a Friday: you come in the evening and we'll deliver several challenge statements. We'll spend the weekend using all the cool tech we have, Arduinos, Raspberry Pis, we've got some key fob development devices, all sorts of really techy stuff, to create a solution to these cyber security problems and then present them to a panel of judges on that Sunday. You can come individually and find a team, or you could bring a bunch of your friends and come as a team and recruit members while you're there, but there are a lot of options. Don't be scared off by the fact that it could be a competitive cyber security environment, because we have several need statements ranging from as simple as creating a better education program for cyber security, you know, teaching the masses why it's important to keep your password changed. Right, it is a hard problem, but at least it's low-level: you don't need a ton of cybersecurity knowledge, you need a ton of education knowledge. But then we even have needs that are going to be about tearing down some of the elements that created the Mirai botnet disaster last year, where they attacked GitHub and a bunch of the major sites. So we've got all range, and any group can win in there. It's also all about promoting a start-up environment, so the winning team gets a thousand dollars of seed funding and entry into one of our funding competitions. So it's a great event. And if you don't have time, I know this weekend is coming up real quick, we still have two other events this year: we've got augmented and virtual reality in October and then fantasy and fiction in November, although that one is freshman only. But next year, or next semester, we'll have three new events with three new themes, so keep an eye out for it. The website's up there. I've got flyers here; I'll walk around for anyone who's interested. Don't feel obligated to take a flyer, you're not going to make me feel bad. Take a flyer. Otherwise, are there any questions right now? Okay, beautiful. Thanks for having me.

Cool, let's thank our speaker. Do a bunch of you do hackathons regularly in here? Some people? Yeah, we don't want to raise our hands. Yeah, they can be super cool. I know one of our PhD students, I can't remember where the hackathon was, but they ended up developing this product, I think using some Visa APIs, and they really liked it, so they actually flew the team out to the Visa headquarters to demo the app that they built in 48 hours. I believe he came with no team in mind either. So definitely this is a really good opportunity. So you can go out and raise your hand if you want a flyer. Those watching on YouTube: the entire class raised their hands in unison. It's actually massive pandemonium. You don't have enough flyers, so everyone else will have to go to this website to get a flyer. This is the trick: if you're not video recording what happens, they don't actually know what's actually going to happen. Great. Cool.

Okay, other classroom stuff. So I did get part four up, in the ongoing adventures of Adam versus Ubuntu 16.04, so our assessment service is running.
I mean, you guys probably don't care about the details, but basically, well, maybe we'll get into that later, that could be fun, but basically I have the central web server, and that puts jobs in a queue of what things to grade, and then I have a series of assessment servers that are pulling jobs from that queue to evaluate and actually run the test cases. This way I can crank up, when, as always happens when you get close to the deadline and you all submit all at once, I can actually just spin up new instances for that to help reduce the load and improve grading time. So those are all 16.04; they actually seem to be working right now.

But so, yes, question? The username: it could be tied to you, it could not be tied to you, it could be something clearly random. Yes, I think you can do 10 or something; I will take the last one.

Okay, so for part four, since it needs to compile, right, the whole goal is, before we run all the test cases, rather than burning a submission and saying that your code didn't actually compile and create an executable correctly, I do this two-phase thing called a smoke test, where basically you upload your source files. Do we want to do it now? A README, source files, smoke test, and it'll say successful submission. For the smoke test you have a hundred submissions; the smoke tests don't really matter, they're just compiling it. Then we go to assignment one status. You'll see it's still submitted, so it's still being processed by the assessment engine, but you will get a pass on whether it actually compiled the project. There's only one test case, and passing it doesn't count for any points. It's just a way for you to verify that, yes, your code actually compiles. Then when you're ready to submit this for grading you would hit this link. I haven't actually made the test cases yet, but the infrastructure is all here, so I'll do that today. So you will be able to click this link to submit it.

I want to see the amount of time it takes. It's not very fancy; there's not a "your estimated wait time" or anything, so please be patient. Questions?

So, talking about MAC, mandatory access control: we've been talking about how we can try to create the rules for a system that will enforce an access control policy, and a mandatory access control policy that restricts essentially the flow of information. So from our levels, where do we want reads and writes to be able to happen? So you read down. Makes sense, because top secret needs to be able to read everything below it, but you can't read up, so an unclassified person cannot read top secret documents. That is the simple security property that we derived in class. Similarly, we talked about how you can only write up, so you can only create documents that are at your security level or higher. Are there any questions on this basic concept?

Yeah, if your security level is confidential and you're writing a secret or top secret document, how are you going to read that? You cannot, okay, which is fine. I mean, you can think of it like an append-only file, right, where you can just append to it but you can never read it. And so the way you would actually do this is you would write a classified document and then you would copy that to a top secret document, where you now no longer have any access rights. But then if you're writing top secret information... Yeah, that kind of gets into, I guess, who generates, who makes that designation, right? Yeah, but it's tricky. I guess the other way is you wouldn't want, so if I started writing to a top secret file as a confidential person, if I could read that, then if somebody else edits it and adds top secret information, I don't know that file now leaked information from there, right?
So that's why you don't. I'm just wondering if now you become like, I need to know on that file. You could probably extend it. I mean, yeah, these are kind of more basic models and we'll get, towards the end, into what's the current state of the art and what actual systems do. But yeah, this is kind of early 80s, when they were first thinking about how do you formally define these types of access control policies and how can you prove that that would be correct. So yeah, the problem is that you have a classified person who is generating top secret information. So yes, they could write that to a classified file, which I agree would probably be bad. So maybe they would just have to write everything to a top secret file and never be able to read it, which could be fine, right? It actually doesn't matter, right? I mean, in some sense it all depends on what the mistake is. But so one of the important things is we don't really care about the trustworthiness of data, right? We just care about the label. So you could be making this stuff up, right; that would be for other people and other channels to verify. This system only cares about never being able to release anything that is tagged as top secret data.

Okay, so then we get into, we talked about on Tuesday, that this model is a little bit too simplistic, right?

So we think about it in terms of threats and attack surface now. If anybody with top secret clearance is compromised, either physically compromised or, let's say, starts executing some malicious software on their system that starts acting as them, that piece of software could access every single top secret document that ever existed. So we talked about categories. We discussed that, and this is kind of more how things are done in the real world: you don't just get broad access to everything in a security level, you get, on a need-to-know basis, access to very specific things, like a nuclear category, a NATO category, an ace category.

So how do we define this security policy now? So what do we want from our security policy? So it's the same rule. We came up with these security conditions, the simple security condition and the star property, right? Do these now apply in our new world with categories? So how would categories change the situation? So we have nuclear, NATO. It's too hard for me to write in all caps every time. So this would be the set of categories, right? Yeah, thank you. So then how does that change? So we had the concept before: I have, as a subject, some security label, right, and an object has a security label, which was just integers basically. But now what do we actually want? How does this change, as a subject in this system? Do we want to throw away security labels altogether and say let's get rid of this top secret, secret, confidential and classified, because that doesn't make sense, and just be category focused? Right, which makes sense, right, and the reverse: whoever has access to this ace project doesn't have access to the nuclear information, and within one project you may have different levels of classification, right?
So for one project, if you think about whatever the ace project is, there could be some classified things, some secret things and some top secret things. So we want both of them. So in essence our security labels are essentially going to be, let me figure out how to write this, a label and a set of categories, so you can think of it as a tuple. So subjects and objects, instead of just having a security label, will have, for the clearance, I don't have notation for this, let's say it's like this: for subjects and objects, it's going to be a label L and a set C, where C will be some subset of the categories, right? Does that make sense?

So then now, going back to our security policies: does the simple security condition still hold, that you can read an object if your security clearance is greater than the object's? No. So how do we want to change this to incorporate our new notion of categories? So let's say I have the level of the subject L_S, the categories of the subject C_S, and then I have the label of the object L_O and the categories C_O. So for my security condition for reading, what would I want to be the case? So when can a subject read the object? When the security clearance of the subject is greater than or equal to L_O. So what is this? The simplified model, right? Exactly, so this needs to be true. What would you say, that the intersection of C_S and C_O can't be null, right? They have to... C_S and C_O have to have the same... Right, like basically whatever objects you're reading, since we said C_S is the set, you know, they both have NATO in it, so if you were to intersect those it wouldn't be null, because it would be NATO. Cool. What's a simpler way to do this? It's true, I think it actually works. ... is a subset of C_O?

Yeah, so the subject. Yes, the subject, right. So, the way, I'm trying to trick you, too much, I'm tricking myself, right. So yeah, the right one, this makes sense: the subject's security categories must be the same as or greater than the object's. So, actually, let's see, this is not the same as this. So this actually was a good example. For instance, if this was, let's say, nuclear and ace, and this was nuclear and NATO, right, everybody see that this first condition we tried doesn't apply in this case, because even though they have one thing in common, nuclear, now you're essentially leaking NATO information to somebody who does not have access to NATO information. This probably captures what we want.

To access the example that you put up there, you would have to have both? Yes, because that document contains both, or more; because that document contains both nuclear information and NATO information, so if you are not cleared for both, you cannot access that. If you're only cleared for one, it doesn't matter, you can't access that. You do not need to know that, because it contains stuff that you don't need to know.

Well, so what about the star property? How do we control reads and writes in this system? What was the star property? So the star property controlled writes. So the simple security property said we can read if and only if this security condition is true; the star property is we can write if and only if the security level of the subject is less than or equal to the security level of the object. So this enforces the write-up condition from before. Well, obviously your L_S would have to be less than or equal to L_O. Yeah, so we want to make sure that's less than or equal to L_O. So this ensures that we can't write any information to an unclassified or classified level. What about this other access? Well, wouldn't it just be the other way, that C_O would have to be a subset of C_S? You'd have access to part of it, at least part of it, but you don't have to have access to everything, because you're only writing to it. You don't have to see everything, but you need to be able to write to it.

So let's think through this. Okay, let's go back to our example. So here, okay, we flipped. Yeah, it will still be C_S. Sorry, I'm going to put it back the other way so you can tell me, because this is confusing. Okay, C_S, C_O: what subset relationship do you want? C_S would be a subset of C_O? I know, I know, the other way, C_O would be a subset of C_S, like this. Okay, let's think about this. Let's think through the cases. So, you know, we should go through the base case. We have some nuclear documents, so the levels are both top secret, the same levels; one's nuclear, the other one's nuclear. This says we can go ahead and write to that file; that intuitively makes sense. Let's say now this is not, so we have a top secret nuclear subject and a top secret object with an empty set, so no categorization. So can we have that? Yeah, does every piece of data have to be assigned to one or more categories? No, it can just be labeled top secret; it doesn't have to necessarily be part of a program. So I want to be able to, if I have top secret nuclear clearance, write to a file that is top secret and has no, sorry, no clearance... no, it does not have any categories. So do we want this?
Yeah, right, similar to the same argument of writing top secret information to a classified file, right; we don't want that because we don't want there to even be the possibility of data leaking from top secret to confidential. Similarly here, this subject has access to nuclear information, and so by writing to a file, even though it's at the top secret level, that does not contain nuclear, that is not classified for that, which means that anyone else can read that file if they don't have nuclear access, the category. So would we want to allow or deny this? We want to deny. Deny, deny, deny. So does this properly specify this? So is the set containing nuclear a subset of the empty set? No. So that probably checks. And then let's see another situation where I have nuclear and I'm trying to write to an object that has nuclear and NATO. What do you think, should we allow this or deny this? Allow. Why? So anyone who reads that file has to already have nuclear access; therefore, our subject only has access to nuclear information, therefore any information that they can put in there has to be nuclear related, and so it's fine. Can they read that file? No, it's not a subset the other way, exactly. Big question. So this is our star property.

Now, I'm going to introduce a concept here. So we're using the subset relation to order the categories, right. So we're saying that, okay, you can read this if one thing is a subset of the other, or you can write to it if the other one's a subset of the other one. So our previous security levels we look at as a total ordering, right; we can put them in a well-defined order from least amount of access to most amount of access. Can we do that with categories, as we've been using them here? What would you say if, so they both have top secret access, one object has the nuclear category and the other one has NATO; can you say that one is more secure than the other, or more sensitive?

It's subjective, right? We have no way to compare them. But top secret versus unclassified, we can say that one is definitely more sensitive, so that's an absolute order. But can we say that... Say, yes, is one of these more sensitive than the other? Yeah, right, the one with more categories is more sensitive, right? It's more important, more categories, right? So definitely. So we can't create a total ordering of all of them. So it's not like, mathematically, the less-than operator on numbers can totally order every number, right; any two numbers, I can tell you which one is less than the other one. But we're using here the subset operator, and subset does not have a total ordering, because there are sets where you can't say which one is the subset of the other. But you can still create a graph of the relation. So you can create all possible sets. So what's the set that is, let's say, with these categories that we define here, what's the set that is the most sensitive? The what? But in our specific example. So here we were comparing, let's say, here we're comparing nuclear NATO, nuclear, nuclear NATO. So what would this actual set be, if we were to draw it, that's the most sensitive? Exactly, yeah, the set that contains nuclear, NATO and ace, right, and obviously we're thinking only in top secret here, right? So that is the most sensitive element. What's the least? The empty set, right, so we can have things that don't necessarily have a categorization. And then what about in the middle? Where do all the other sets fall? Is it just a straight progression from here all the way up to here? So let's take it one by one. Where would the set containing nuclear go? We'll just put it here. What's the subset of the set containing nuclear? Is this one?

Exactly, so you have nuclear, so we could say that, so the term that we use mathematically is dominates; we'll get there in a second. So the set containing nuclear. Now I have the set containing NATO. So which of the sets that I have here is a subset of NATO? Still just the empty set, right, not the set containing nuclear. There's no way to compare those two sets; we cannot tell which one is more sensitive, but we know that it's more sensitive than the empty set. And we have ace; this is the set containing ace, and the same logic there. So I have all those now. I only have three more sets remaining to finish this out. So let's say I have nuclear and NATO. So what sets are subsets of this set? Yeah, nuclear and NATO, right, and also the empty set, right, but this is actually a transitive relationship, right? So nuclear is a subset of this, and the empty set is a subset of nuclear, which means the empty set is a subset of the set containing nuclear and NATO. So, similar logic, we can do nuclear and ace, and NATO and ace. I'm running out of room here because I don't know how to draw. I have a better example of this in a second, but this is us constructing it. I actually really like the pattern that this makes. And then, so how do we connect our set containing every element to this graph? What's a subset of that? So even if we can't... And you just learned about the lattice. Anybody seen this before in other classes? I'm not going to quiz you on it; I'm just curious. It actually comes up in static analysis, it comes up here in access control, it comes up in a lot of places. So this is basically just the recreation of the lattice that we have. And so the idea here is, conceptually, the lattice helps you think about comparing the objects, right? So you can say, hey, if I have a subject with nuclear and NATO, and I have an object containing ace, can the subject read that document? Right?
No, because there's no path to there. The way you'd say that is the set containing nuclear and NATO does not dominate ace. So we can't read that file, right; there's no way. Even though, so this actually is a good point: even though cardinality is essentially how we order these elements, we fundamentally can't compare the set containing nuclear and NATO with the set containing ace, because even though one has two elements and the other has one, they don't have any element in common, so we can't say which one is more sensitive than the other. Cool.

And you just derived, we created, the Bell-LaPadula model for mandatory access control. So this is, without a doubt, the most famous model in security. There are lots of other access control models you can learn about; there's a lot in the book. I'm actually not going to cover a lot of them, because I think you can learn about them at your own gratification. We're trying to cover a lot of different areas, but this is without a doubt the most important model. And the idea here is we just use this idea of dominates. So we say a security level (l, c) dominates another security level (l', c') if the levels are comparable: if l' is less than or equal to l and c' is a subset of c. And with our simple security condition, now we can just write the simple security condition in terms of what we have here, which, you'll notice, if you just substitute dominates, is exactly what we came up with for our rule for, I believe it's the simple security condition. So the simple security condition we had was the level of the subject is, sorry, the level of the object... We have it flipped, so of course this is confusing, but we had it backwards.

So the level of the subject must be greater than or equal to the level of the object, and the categories of the subject must be a superset of the object's categories, right. And then if you put that into a dominates function like we've done here, then you can say, well, the simple security condition is S dominates O, and the star property is O dominates S.

The other super cool thing about a lattice: so a lattice is really easy to think about when you only have three elements. You can actually have an infinite lattice with an infinite number of elements but still know where the top is, where the bottom is, and know how to compare, dominates, between the elements. It's pretty cool.

Here's one of these examples, just to make sure we got this. So A has top secret with category ace, and B has secret with NATO and ace. Can A read an object that has top secret and no capabilities, I keep saying capabilities, no categories? So suppose there's nothing in there; there are no categories tagged to that object. So maybe it's just a general top secret, and it doesn't necessarily... every object doesn't necessarily have to have a category, so it's not like the set of all objects is split into categories. Yes, because the empty set is a subset of ace, and one, the security level. Exactly.

All right, somebody else: can A write to a file that's secret, ace? No. Let me say why: because top secret is greater than secret, the star property forbids us from writing to it. So I always like to think of it as kind of leaking information, so think about it like that: I have top secret knowledge and I have access to the ace category. Can I write out to a secret file? No, I should not be allowed to do that, because you have to think, what's the most potentially damaging action I can do? It's writing out top secret information to that file. So the categories match, but we've got to remember, always, the star property: we cannot write down on the security levels.

If I'm reading a file that's top secret NATO ace, you say no. Why? So even though the security level is the same, ace... NATO ace is not a subset of ace, which means we would be getting access to a type of information that we shouldn't. Yes, top secret NATO information, right. What about writing out to a file that's top secret ace NATO? Ace NATO is the category of the file. Then yes; you talked yourself out of it and into the right answer. So that is the logic, correct. So we said it's top secret; yes, we can write to a top secret file, we have a top secret clearance. And the logic is, so we know about ace, we're writing out to a file that knows about ace, so everyone who could read this file only knows about ace, maybe in addition to other things. We cannot read that file. So can B write to a file that's secret and that has NATO? Yes.

I just have a question. A can't write to a top secret, empty set? Correct. A cannot write to a file that's top secret, empty set. Because why? They could be leaking that information out. Exactly. Well, all right, you're off the hook; that's a good question.

Yeah, so the scenario would be... Because if C_O is always empty, then C_S, with something in it, has to always dominate it. Everybody get that? So let's just be clear. So S, let's say, is... We're talking about reading or writing? We're talking about reading. So the question I asked was, if the object's categories are empty, it's an empty set, can it be read from at all? So this would be the subject; the object is top secret, empty set, right. So yeah, the empty set is a subset of the set C_S, but of course, now, even if I have NATO clearance and I have, let's say, confidential, or, I see this is confusing, if I have secret access, can I read this file? Oh no, because it's got top secret clearance, right?
Okay, so B has secret, NATO and ace. Can B write to a secret file in NATO? No, because they also have ace clearance, so they could be leaking ace information to that file. Category, yes; I'm doing this on purpose. What about reading a top secret NATO ace file? B doesn't have top secret clearance, so the first part of our condition is false. What about reading from a secret file that has ace and nuclear categories? Somebody who hasn't answered yet. No, we would be leaking nuclear information to somebody who does not have the clearance for that category. What about writing to an unclassified, uncategorized file? No.

Cool. Questions on this? Yeah, yep. Yes. Yes, so for you to write to a file, just like unclassified, the only people who can write an unclassified file are people who have unclassified. So how would this work in reality? This would mean information never gets declassified. So how would you do this then? So the model doesn't allow it, right? So the model just says, hey, it's top secret, nobody ever learns about it, ever. I think the thing that could happen is that the information no longer becomes damaging, such as some technology that was damaging that is no longer damaging. Okay, so try, but who determines that? Does the MAC system determine it?

No, no, who would need to decide that? Some users that have... Yeah, people actually. So they would need to know about it, but they need to have the authority, in some type of thing outside of this system essentially, that says yes, they have the ability to declassify documents. Somebody brought up the point on Tuesday that sometimes documents can be declassified if they go through a special procedure where people with clearance will redact any information that could be potentially sensitive. So in that way... Maybe see the movie Hidden Figures. Yeah, so there's a scene where the lady's working with redacted information and she can't actually do her job, so she takes it and holds it up in the light and you can tell the difference there, to actually write down some of it. Fantastic movie. And everybody likes to hear about redacting information.

So yeah, so there's all, you know, this is kind of a, you can pick up a mathematical, highly specialized model to just think about what are the rules you need in this system to actually instantiate something like this: you need this thing of declassification. So in the US, for instance, there's, I don't know the exact laws, I don't think, but I was looking it up, there are laws where after a certain amount of time documents automatically go through the declassification process unless they get certain exemptions, and then however long they're declassified. So you can actually go look at documents that were classified top secret and higher from like 50 plus years ago, so those are available to us. I still think they check those files before they actually do that. Yes. Yes.

No, it's not, I mean, it automatically goes through a manual declassification process, and then it has another... yeah, they started doing it rather than on demand. It's more like, okay, you have to justify, my understanding is you have to justify why you want to keep this top secret for another X amount of time; otherwise it needs to go through the declassification process. Without a review to make sure it's not...? Cool. There are some other issues there.

So here's an interesting thing that I found when I was poking around in this. Let's say you're a classified person with not very many categories. How would you know whether you should be reading an object or not? Think about physical documents. It's marked. So there needs to be some kind of cover letter, some cover that says the security level of the document, right, something that explicitly states that it's classified information, and so there are rules about how to handle that. I guess I shouldn't ask this, but I can't remember the document I was reading, but there also needs to be the categorization, right? So how do you know that you have the category to access that information? And so I believe I was reading that the code words themselves are usually classified at that security level. So the top secret code word will be classified top secret, but without a category or something. I may embarrass myself, so I don't actually know all this stuff, but the idea is: you see a document, you see it's classified, so if you have clearance, you know you can read it. But if it has categories on it and you don't recognize any of those code words, it means that you do not have access to that document and you should not read it. So there are actually interesting examples on Wikipedia of whole documents from the 60s and 70s that have stamped code words on them, so you can kind of see them. It's pretty cool.

All right. Awesome. So we're closing out access control.
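Editor's added example (not part of the lecture or its course materials): a small Python model of the Bell-LaPadula rules derived above, labels as (level, categories) tuples, the dominates relation, the simple security condition (read) and the star property (write), plus the lattice structure the board drawing built up: join/meet of two labels and the edges of the category lattice. The level names, the categories nuclear/NATO/ace and the subjects A (top secret, {ace}) and B (secret, {NATO, ace}) are taken from the lecture; the function names and the join/meet helpers are my own choices.

```python
from dataclasses import dataclass
from itertools import combinations
from typing import FrozenSet, Iterable, List, Tuple

# Total order on the levels the lecture uses, lowest to highest.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}


@dataclass(frozen=True)
class Label:
    """A Bell-LaPadula security label: (level, set of categories)."""
    level: str
    categories: FrozenSet[str] = frozenset()

    def __post_init__(self) -> None:
        if self.level not in LEVELS:
            raise ValueError(f"unknown level: {self.level!r}")


def L(level: str, *categories: str) -> Label:
    """Small constructor so the examples below read like the lecture's notation."""
    return Label(level, frozenset(categories))


def dominates(a: Label, b: Label) -> bool:
    """(l, c) dominates (l', c') iff l' <= l and c' is a subset of c.

    This is only a partial order: two labels whose category sets have no
    subset relationship (e.g. {nuclear} and {nato}) are incomparable.
    """
    return LEVELS[b.level] <= LEVELS[a.level] and b.categories <= a.categories


def can_read(subject: Label, obj: Label) -> bool:
    """Simple security condition ("no read up"): subject must dominate object."""
    return dominates(subject, obj)


def can_write(subject: Label, obj: Label) -> bool:
    """Star property ("no write down"): object must dominate subject.

    Note the subset relation is reversed relative to reading: a subject
    cleared for {nuclear} may write a {nuclear, nato} file (everyone who can
    read it already has nuclear), but not a top secret file with no categories.
    """
    return dominates(obj, subject)


def join(a: Label, b: Label) -> Label:
    """Least upper bound in the lattice: the lowest label that dominates both.

    This is the label a document that merges information from a and b needs.
    """
    level = a.level if LEVELS[a.level] >= LEVELS[b.level] else b.level
    return Label(level, a.categories | b.categories)


def meet(a: Label, b: Label) -> Label:
    """Greatest lower bound: the highest label that both a and b dominate."""
    level = a.level if LEVELS[a.level] <= LEVELS[b.level] else b.level
    return Label(level, a.categories & b.categories)


def hasse_edges(categories: Iterable[str]) -> List[Tuple[FrozenSet[str], FrozenSet[str]]]:
    """Cover relation of the powerset lattice of categories at a single level.

    Each edge (s, t) means t is s plus exactly one category, i.e. one line of
    the diagram drawn on the board, from the empty set up to the full set.
    """
    cats = sorted(set(categories))
    nodes = [frozenset(c) for k in range(len(cats) + 1) for c in combinations(cats, k)]
    return [(s, t) for s in nodes for t in nodes if s < t and len(t) == len(s) + 1]


def lecture_exercises() -> dict:
    """The access checks worked through in the lecture for subjects A and B."""
    a = L("top secret", "ace")
    b = L("secret", "nato", "ace")
    return {
        "A reads TS {}": can_read(a, L("top secret")),
        "A writes S {ace}": can_write(a, L("secret", "ace")),
        "A reads TS {nato, ace}": can_read(a, L("top secret", "nato", "ace")),
        "A writes TS {ace, nato}": can_write(a, L("top secret", "ace", "nato")),
        "A writes TS {}": can_write(a, L("top secret")),
        "B writes S {nato}": can_write(b, L("secret", "nato")),
        "B reads TS {nato, ace}": can_read(b, L("top secret", "nato", "ace")),
        "B reads S {ace, nuclear}": can_read(b, L("secret", "ace", "nuclear")),
        "B writes U {}": can_write(b, L("unclassified")),
        "TS {nuclear} writes TS {nuclear, nato}": can_write(
            L("top secret", "nuclear"), L("top secret", "nuclear", "nato")),
    }


if __name__ == "__main__":
    for question, allowed in lecture_exercises().items():
        print(f"{question:40s} -> {'allow' if allowed else 'deny'}")
    for s, t in hasse_edges(["nuclear", "nato", "ace"]):
        print(sorted(s), "->", sorted(t))
```

Running it reproduces the board answers: A may read the uncategorized top secret file and write the top secret {ace, NATO} file, but may not write down to secret {ace} or to top secret {} (that would let a reader without ace see ace-derived data); B may not write to secret {NATO} or to the unclassified file for the same reason. The `hasse_edges` output for three categories is the 12-edge diagram from {} up to {ace, nato, nuclear}, and `dominates` returns False both ways for {nuclear, nato} versus {ace}, which is exactly the "no path between them" case.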
I think we'll be able to get into a little crypto today, which will be fun. So, part of the goal of this course is to expose you to things so you can see where other areas in security are. So other, more modern types of access control are maybe what we've been actually thinking about, and one that actually works really well with companies is this idea of role-based access control, where it's not you, the user, that gets privileges; it's your role in the organization. So you are a teller in a bank, or you're a cashier, or you're a manager, and your role gives you permissions, not your identity. And so you need ways to kind of prove that you are this role. So rather than being kind of discretionary access control, where it's based on you, the user, or based on clearance with a MAC-type system, now it's based on your role. So this would simplify things, for instance, for me. If we all had a shared network server, rather than give every one of you permissions individually, I could just say, great, you 132 people are all students, and we are instructor roles, and maybe there's a TA role, right? So it can be kind of a more natural way to express business logic and to create an access control policy, rather than thinking about individual employees, because there's a lot. You kind of abstract them into groups, which I believe we touched on a little bit at the start of this.

Another new type of area that people are exploring is attribute-based access control. So the idea is the subjects in the system have attributes. So how you get attributes is a whole thing, but rather than capabilities, which say you have the right to read a certain file or something, you have attributes about yourself.
So you would have maybe an age, or an ID number, or a group membership, or any kind of attributes; I mean, anything you can think of. The idea is the policy to access an object is essentially a complex Boolean expression over the attributes of the person trying to access it. Rather than specifying the rights up front, where you can read, write, execute, append to an object, I can say things like: only people who are over 21 can actually read this file. Which actually maps really well to the real world, because that actually is how a lot of things work, right? You can only buy certain things if you're over 21, and the way you prove that is by showing someone an ID, which is licensed by a government entity, which has your birth date on it. So forging attributes obviously is an important problem here, but the idea is now the policy can be more complex and can express very complex things, and test it. These are very active areas of research. So basically, the way I see it, if you want to go into this area, there's tons and tons of new, interesting work being done.

We talked about this a little bit: usability, right? It seems very clear that a MAC system does not prioritize usability at all. Right, we just talked about writing out a file and you cannot read it, right? That seems crazy to deal with, but if that's the price to pay for security, maybe that's okay. So are there other usability... you know, what are the usability constraints here? Because we know, as we talked about in the interaction section, humans are often the most important problem... Humans are often not the most important problem; they're the weak point in our system. So if we're not thinking about the human when we're designing our system, they're going to bypass our sophisticated access control systems. We also need things that are flexible and easy to change, right?
It's very hard to get... you know, it's easy to make a policy, but it's hard to evolve that policy over time as the organization changes. Expressiveness of a policy: what can you actually express? So for instance, on Unix, if you wanted to give access to two or three other students in the class, you have to create a new group in the system with just those people. So it's really hard to do things like, we'll share it with the engineering department, but not these people who are on this specific project, who maybe shouldn't have access. Right, with the Unix ACL here, we have to keep creating groups for all these things, so it's crazy to manage these groups. So thinking about how expressive the policy is: can you say things like, these people are allowed and these people aren't?

Some of the areas that we've been doing research in, in our lab, is on federations. So when you have two organizations that want to collaborate with each other, but they each have their own individual access control policy, and they may have agreed on a group access control policy, but now when somebody tries to make an access, which one actually comes into play: the local access control policy or the federated access control policy? And some of the cool things, like, how can you do this automatically? So how can you try to actually discover and learn about the policies at the local level or the federated level, to try to resolve conflicts? And I guess there's other things in here: if your access control policy maybe doesn't allow anybody any access, or there's conflicting policies at different levels. There's a whole can of worms that you can dive into, and it's a really important area. So any questions on this?

All right. Access control.
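The role-based and attribute-based policies the lecture describes, and the expressiveness point about Unix groups, as an added Python example; this is not code from the lecture or the course. The roles (student, TA, instructor), users, objects, trusted issuers and attribute names are constructed for illustration. It shows roles carrying permissions instead of individual users, an object's policy written as a Boolean predicate over the subject's attributes (the "over 21" rule and the "engineering but not project X" rule that would need a bespoke group on Unix), and a fail-closed evaluator that only honours attribute sets vouched for by a trusted issuer, the analogue of checking that an ID card comes from a government entity.

```python
"""Toy RBAC and ABAC policy evaluator (constructed example, not course code)."""
from dataclasses import dataclass
from typing import Callable, Dict, Mapping

# ---- RBAC: permissions hang off roles; users are assigned roles ----------
# Role -> set of (object, action) permissions.  All values are constructed.
ROLE_PERMISSIONS = {
    "student":    {("course_server", "read")},
    "ta":         {("course_server", "read"), ("grades", "read")},
    "instructor": {("course_server", "read"), ("course_server", "write"),
                   ("grades", "read"), ("grades", "write")},
}

# User -> roles.  Enrolling a 133rd student is one role assignment,
# not a new per-user permission entry on every object.
USER_ROLES = {
    "alice": {"student"},
    "bob":   {"student", "ta"},
    "carol": {"instructor"},
}


def rbac_allowed(user: str, obj: str, action: str) -> bool:
    """Allow iff any of the user's roles carries the (obj, action) permission.
    Unknown users and unknown roles have no permissions (default deny)."""
    return any((obj, action) in ROLE_PERMISSIONS.get(role, set())
               for role in USER_ROLES.get(user, set()))


# ---- ABAC: a policy is a Boolean predicate over the subject's attributes --
Attributes = Mapping[str, object]
Predicate = Callable[[Attributes], bool]


@dataclass
class AbacPolicy:
    """An object's policy: action -> predicate over the subject's attributes.
    No rule for an action means deny; a predicate that cannot be evaluated
    (missing or mistyped attribute) is also a deny, so an incomplete
    attribute record never grants access by accident."""
    rules: Dict[str, Predicate]

    def allowed(self, action: str, attrs: Attributes) -> bool:
        rule = self.rules.get(action)
        if rule is None:
            return False
        try:
            return bool(rule(attrs))
        except (KeyError, TypeError):
            return False  # fail closed on malformed attributes


# The lecture's example: only people who are over 21 can read this file.
age_gated = AbacPolicy({"read": lambda a: a["age"] >= 21})

# Share with the engineering department, but not with people on project X.
# On Unix this needs a purpose-built group; here it is one expression.
eng_minus_x = AbacPolicy({
    "read": lambda a: a["department"] == "engineering"
                      and "project_x" not in a.get("projects", ()),
})

# Attribute provenance: forged attributes are the central risk in ABAC, so the
# evaluator only accepts attribute sets stamped by an issuer it trusts.
# (Constructed issuer names.)
TRUSTED_ISSUERS = {"registrar", "hr"}


def abac_allowed(policy: AbacPolicy, action: str, attrs: Attributes) -> bool:
    """Deny unless the attribute set was issued by a trusted authority,
    then apply the object's predicate for the requested action."""
    if attrs.get("issuer") not in TRUSTED_ISSUERS:
        return False
    return policy.allowed(action, attrs)


if __name__ == "__main__":
    print(rbac_allowed("bob", "grades", "read"))      # TA role grants it
    print(rbac_allowed("alice", "grades", "read"))    # plain student: denied
    print(abac_allowed(age_gated, "read",
                       {"issuer": "registrar", "age": 25}))   # allowed
    print(abac_allowed(age_gated, "read",
                       {"issuer": "self", "age": 25}))        # untrusted: denied
```

The two halves are deliberately separate: RBAC decisions need only the user-to-role table, so auditing "who can write grades" is a table lookup, while ABAC decisions depend on attribute values at request time, which is why the issuer check sits in front of the predicate rather than inside it.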