Least Privilege and More
نویسنده
چکیده
“f) Least privilege: Every program and every user of the system should operate using the least set of privileges necessary to complete the job. Primarily, this principle limits the damage that can result from an accident or error. It also reduces the number of potential interactions among privileged programs to the minimum for correct operation, so that unintentional, unwanted, or improper uses of privilege are less likely to occur. Thus, if a question arises related to misuse of a privilege, the number of programs that must be audited is minimized. Put another way, if a mechanism can provide ‘firewalls,’ the principle of least privilege provides a rationale for where to install the firewalls. The military security rule of ‘need-to-know’ is an example of this principle.”
منابع مشابه
Specifying and enforcing the principle of least privilege in role-based access control
The principle of least privilege in role-based access control (RBAC) is an important area of research. There are two crucial issues related to it: the specification and the enforcement. We believe that existing least privilege specification schemes are not comprehensive enough and few of the enforcement methods are likely to scale well. In this paper, we formally define the basic principle of l...
متن کاملApples and Oranges: Detecting Least-Privilege Violators with Peer Group Analysis
Clustering software into peer groups based on its apparent functionality allows for simple, intuitive categorization of software that can, in particular, help identify which software uses comparatively more privilege than is necessary to implement its functionality. Such relative comparison can improve the security of a software ecosystem in a number of ways. For example, it can allow market op...
متن کاملEnforcing Least Privilege with Android Permissions in Mobile App Development
Though there is evidence that presenting Android app permission information to the user in a clear, more contextdependent way can influence mobile phone users in choosing apps that request fewer permissions [4], ultimately users still tend to make poor privacy and security decisions, especially when warnings are unclear or inhibitive [1]. As a result, we believe that code developers should take...
متن کاملMake Least Privilege a Right (Not a Privilege)
Though system security would benefit if programmers routinely followed the principle of least privilege [24], the interfaces exposed by operating systems often stand in the way. We investigate why modern OSes thwart secure programming practices and propose solutions.
متن کاملPrototypical Predicates Have Unmarked Phonology
Recent work recognizes that lexical category can be relevant for phonology, because phonological processes and phonotactics are sometimes category-sensitive (Smith 1997, 2001; Myers 2000; Bobaljik 2008; see also Cohen 1964; Chomsky & Halle 1968; Postal 1968; Kenstowicz & Kisseberth 1977). Moreover, there are strong cross-linguistic tendencies concerning the nature of phonological differences be...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- IEEE Security & Privacy
دوره 1 شماره
صفحات -
تاریخ انتشار 2003