Every program and every privileged user of the system should operate using the least amount of privilege necessary to complete the job. – Jerome Saltzer
In an effort to better serve our clients, SpinDance is building an internal cross project team which will focus on the security aspects of the applications. This team will review design, implementation, and deployment of customer projects and perform testing to ensure the clients applications and data are as safe and secure as possible. The team will also be providing internal training to the development teams, teaching high level concepts and application of those concepts to spread the skills throughout the engineering side of company. This article is an adaptation of some of the topics that will be covered.
What is the Principle of Least Privilege?
A main tenet of secure system design is layered security. The principle of least privilege is one of the building blocks to layered security. The idea of the principle of least privilege is that a user’s or program’s access is the minimum necessary to complete the intended task. In event of a compromise the damage is limited to elements of the system the original process is able to access. Using the principle of least privilege decreases exposure and damage thereby increasing the security of a system. This adds a layer of security to the system by protecting the remaining components of the system which the process does not have access to affect….