Least operating system privilege

Explanation: The least-privilege principle calls for the operating system to grant programs/processes only those privileges required for them to carry out their specified functions.
Vulnerabilities addressed: Addresses exploitation of over-privileged processes.
Developer resources required: Implementers must abide by the constrained design and avoid granting, in the implementation, privileges that the design does not call for.
Evaluator resources required: Automated static analysis can reveal whether privileges are enabled only where specified.
Source: www.computer.org
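
Added example (not part of the original entry): one way to check that a process holds only the privileges its design specifies, using Linux capabilities as the privilege model. It decodes the CapEff mask in the format of /proc/<pid>/status and reports anything outside the design allowlist; this is a runtime check that complements the static analysis the entry mentions. The process names, the DESIGN table and the status excerpts are constructed for illustration.

```python
# Added example: compare Linux effective capabilities with a design allowlist.
# Capability names in kernel bit order (bit 0 = CAP_CHOWN ... bit 40).
CAP_NAMES = ["CAP_" + n for n in (
    "CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID SETUID "
    "SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN NET_RAW "
    "IPC_LOCK IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT SYS_PTRACE SYS_PACCT "
    "SYS_ADMIN SYS_BOOT SYS_NICE SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG MKNOD "
    "LEASE AUDIT_WRITE AUDIT_CONTROL SETFCAP MAC_OVERRIDE MAC_ADMIN SYSLOG "
    "WAKE_ALARM BLOCK_SUSPEND AUDIT_READ PERFMON BPF CHECKPOINT_RESTORE").split()]

# Constructed design spec: the privileges each process is specified to need.
DESIGN = {
    "webfront": {"CAP_NET_BIND_SERVICE"},  # binds a port below 1024
    "logshipper": set(),                   # specified to need no privileges
}

# Constructed excerpts in the format of /proc/<pid>/status.
SAMPLE_STATUS = {
    "webfront": "Name:\twebfront\nCapEff:\t0000000000000400\n",
    "logshipper": "Name:\tlogshipper\nCapEff:\t0000000000200002\n",
}

def effective_caps(status_text):
    """Decode the CapEff bitmask from status text into capability names."""
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            mask = int(line.split()[1], 16)
            break
    else:
        raise ValueError("no CapEff line found")
    caps, bit = set(), 0
    while mask:
        if mask & 1:
            # Bits newer than this table are reported by number, not dropped.
            caps.add(CAP_NAMES[bit] if bit < len(CAP_NAMES) else f"CAP_{bit}")
        mask >>= 1
        bit += 1
    return caps

def audit(design, statuses):
    """Return {process: sorted privileges held but not specified}."""
    findings = {}
    for name, text in statuses.items():
        # A process missing from the design is specified to hold nothing.
        excess = effective_caps(text) - design.get(name, set())
        if excess:
            findings[name] = sorted(excess)
    return findings
```

On a live Linux host, the same functions can be fed the text of /proc/<pid>/status for each process under evaluation.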