Privilege Risk Evolution for Non-Human Identities: A Temporal Fiber Model for Cloud IAM

Abstract

Cloud permission governance implicitly treats permission equivalence as a static relation. We show that for non-human identities (NHIs), equivalence has two irreducible components: structural equivalence, capturing identical permission profiles at a snapshot via graph fibration, and temporal equivalence, capturing recurring permission states via strongly connected components (SCCs) in a fiber transition graph. We call the equivalence classes under temporal equivalence privilege circuits. We formalize a three-layer framework: (1) a spatial quotient of the permission graph via fibration, (2) a lineage partition organizing stable transition compartments, (3) windowed SCC analysis as a temporal quotient within lineages. Empirical evaluation on a large Azure tenant supports the framework. Backtesting demonstrates that early observation of ratchet-type privilege circuits predicts long-term structural stability.