Which of the following is an example of applying the least privileges rule?
Only the minimum necessary rights should be assigned to a subject that requests access to a resource, and they should be in effect for the shortest duration necessary (remember to relinquish privileges). Granting permissions to a user beyond the scope of the necessary rights of an action can allow that user to obtain or change information in unwanted ways. Therefore, careful delegation of access rights can limit attackers from damaging a system.
Detailed Description Excerpts
According to Saltzer and Schroeder [Saltzer 75] in "Basic Principles of Information Protection," page 9:
According to Bishop [Bishop 03] in Chapter 13, "Design Principles," Section 13.2.1, "Principle of Least Privilege," pages 343-344:
According to Viega and McGraw [Viega 02] in Chapter 5, "Guiding Principles for Software Security," in "Principle 4: Follow the Principle of Least Privilege" from pages 100-103:
According to Howard and LeBlanc [Howard 02] in Chapter 3, "Security Principles to Live By," in "Use Least Privilege" from pages 60-61:
According to NIST [NIST 01] in Section 3.3, "IT Security Principles," from page 16:
According to Schneier [Schneier 00] in "Security Processes":
What Goes Wrong
According to McGraw and Viega [McGraw 03]:
References
[Bishop 03] Bishop, Matt. Computer Security: Art and Science. Boston, MA: Addison-Wesley, 2003.
[Howard 02] Howard, Michael & LeBlanc, David. Writing Secure Code, 2nd ed. Redmond, WA: Microsoft Press, 2002.
[McGraw 03] McGraw, Gary & Viega, John. "Keep It Simple." Software Development. CMP Media LLC, May, 2003.
[NIST 01] NIST. Engineering Principles for Information Technology Security. Special Publication 800-27. US Department of Commerce, National Institute of Standards and Technology, 2001.
[Saltzer 75] Saltzer, Jerome H. & Schroeder, Michael D. "The Protection of Information in Computer Systems," 1278-1308. Proceedings of the IEEE 63, 9 (September 1975).
[Schneier 00] Schneier, Bruce. "." Information Security Magazine, April, 2000.
[Viega 02] Viega, John & McGraw, Gary. Building Secure Software: How to Avoid Security Problems the Right Way. Boston, MA: Addison-Wesley, 2002.
Copyright © Cigital, Inc. 2005-2007. Cigital retains copyrights to this material. Permission to reproduce this document and to prepare derivative works from this document for internal use is granted, provided the copyright and “No Warranty” statements are included with all reproductions and derivative works. For information regarding external or commercial use of copyrighted materials owned by Cigital, including information about “Fair Use,” contact Cigital at [email protected]. The Build Security In (BSI) portal is sponsored by the U.S. Department of Homeland Security (DHS), National Cyber Security Division. The Software Engineering Institute (SEI) develops and operates BSI. DHS funding supports the publishing of all site content.
What is an example of implementing the principle of least privilege?
You can implement PoLP without Zero Trust. For instance, you could limit access to a system or data based on user roles and not implement network segmentation or encryption. Conversely, it would be impossible to implement Zero Trust without enforcing the principle of least privilege.
What is the least privilege?
The Principle of Least Privilege states that a subject should be given only those privileges needed for it to complete its task. If a subject does not need an access right, the subject should not have that right. Further, the function of the subject (as opposed to its identity) should control the assignment of rights.
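The definition above and the opening rule (minimum rights, shortest duration, relinquish when done) can be modelled in a few lines. This is an added example, not code from the original page or any of the cited authors; the role names, resource names and the `Session` class are hypothetical, constructed for illustration.

```python
import time
from dataclasses import dataclass, field

# Constructed role table (assumption): rights follow the subject's function,
# not its identity. Anything absent here is denied.
ROLE_RIGHTS = {
    "backup-operator": {("read", "db/orders")},
    "order-clerk": {("read", "db/orders"), ("write", "db/orders")},
}

@dataclass
class Grant:
    right: tuple          # (action, resource)
    expires_at: float     # monotonic-clock deadline

@dataclass
class Session:
    subject: str
    role: str
    grants: list = field(default_factory=list)

    def acquire(self, action, resource, ttl, now=None):
        """Grant one right for ttl seconds, only if the role's task needs it."""
        now = time.monotonic() if now is None else now
        if (action, resource) not in ROLE_RIGHTS.get(self.role, set()):
            raise PermissionError(f"{self.role} has no need for {action} on {resource}")
        self.grants.append(Grant((action, resource), now + ttl))

    def allowed(self, action, resource, now=None):
        """Default deny: true only while an unexpired grant covers the request."""
        now = time.monotonic() if now is None else now
        return any(g.right == (action, resource) and now < g.expires_at
                   for g in self.grants)

    def relinquish(self, action, resource):
        """Give the right back as soon as the task is done."""
        self.grants = [g for g in self.grants if g.right != (action, resource)]

def demo():
    s = Session("alice", "backup-operator")
    s.acquire("read", "db/orders", ttl=60, now=0.0)
    results = [s.allowed("read", "db/orders", now=10.0),    # within window
               s.allowed("write", "db/orders", now=10.0),   # never granted
               s.allowed("read", "db/orders", now=61.0)]    # expired
    s.relinquish("read", "db/orders")
    results.append(s.allowed("read", "db/orders", now=10.0))  # given back
    return results

if __name__ == "__main__":
    print(demo())
```

The `now` parameter exists only so the expiry behaviour can be checked deterministically; in normal use it is left unset and the monotonic clock is read.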
What does the principle of least privilege mean as applied?
The principle of least privilege (PoLP) refers to an information security concept in which a user is given the minimum levels of access – or permissions – needed to perform his/her job functions.
What is a least privilege policy?
Least privilege is intended to prevent “over-privileged access” by users, applications, or services and help reduce the risk of exploitation should user credentials be compromised by an outside attacker or malicious insider. Thus, an entity is granted only enough authority to complete a specific task or job.