Principle of least privilege
From Freepedia
In computer science and other fields the principle of minimal privilege, also known as principle of least privilege or just least privilege, requires that in a particular abstraction layer of a computing environment every module (which can be for example, a process, a user or a program on the basis of the layer we are considering) must be able to see only such information and resources that are immediately necessary.
So the idea of the principle is to grant just the minimum possible privileges to permit a legitimate action, in order to enhance protection of data and functionality from faults (fault tolerance) and malicious behaviour (computer security).
The principle of minimal privilege is also known as or similiar to POLA: principle of least authority (or access).
Contents |
History
The principle came up around mid '70s, and generally the book "Fault Tolerant Operating Systems" by Peter J. Denning is referred as the original source, even though it was described under different names by many contemporary papers, like The protection of information in computer systems, by Saltzer and Schroeder.
The original formulation from Saltzer and Schroeder:
- Every program and every user of the system should operate using the least set of privileges necessary to complete the job.
See also
References
- Ben Mankin, The Formalisation of Protection Systems, Ph.D thesis, University of Bath, 2004
- P. J. Denning, Fault tolerant operating systems, Computing Surveys (USA), 8(4):359{389, December 1976.
- Jerry H. Saltzer and Mike D. Schroeder, The protection of information in computer systems, Proceedings of the IEEE, vol. 63 (no. 9), pp. 1278-1308, Sept 1975. The paper can be found here.
External links
- [1] The Saltzer and Schroeder paper cited in the references.
- [2] NSA (the one that implemented SELinux), talks about the principle of least privilege
