Principle of least privilege

From Wikipedia, the free encyclopedia

In computer science and other fields the principle of minimal privilege, also known as principle of least privilege or just least privilege, requires that in a particular abstraction layer of a computing environment every module (which can be for example, a process, a user or a program on the basis of the layer we are considering) must be able to see only such information and resources that are immediately necessary.

So the idea of the principle is to grant just the least possible amount of privileges to permit a legitimate action, in order to enhance protection of data and functionality from faults (fault tolerance) and malicious behaviour (computer security).

The principle of minimal privilege is also known as or similar to POLA: principle of least authority.

1 History
2 See also
3 References
4 External links

[edit] History

The principle came up around mid-1970s, and generally the book "Fault Tolerant Operating Systems" by Peter J. Denning is referred as the original source, even though it was described under different names by many contemporary papers, like The protection of information in computer systems, by Saltzer and Schroeder.

The original formulation from Saltzer and Schroeder:

Every program and every user of the system should operate using the least set of privileges necessary to complete the job.

[edit] See also

[edit] References

Ben Mankin, The Formalisation of Protection Systems, Ph.D thesis, University of Bath, 2004
P. J. Denning (December 1976). "Fault tolerant operating systems". ACM Computing Surveys (CSUR) 8 (4): 359 - 389. ISBN 0360-0300.
Jerry H. Saltzer and Mike D. Schroeder, The protection of information in computer systems, Proceedings of the IEEE, vol. 63 (no. 9), pp. 1278-1308, Sept 1975. The paper can be found here.
Deitel, Harvey M. [1982] (1984). An introduction to operating systems, revisited first edition, Addison-Wesley, 673. ISBN 0-201-14502-2. page 31.