Least operating system privilege

Explanation: The least-privilege principle calls for the operating system to grant programs/ processes only those privileges required for them to carry out their specified functions

Vulnerabilities addressed: Addresses exploitation of over-privileged processes.

Developer resources required: Implementers must abide by the constrained design and avoid granting privileges in the implementation not called for in the design.

Evaluator resources required: Automated static analysis can reveal whether privileges are enabled only where specified.

Source: www.computer.org

Share this article

Shahid N. Shah is an internationally recognized and influential cybersecurity and risk management expert. He is a technology strategy consultant to many federal agencies and winner of Federal Computer Week’s coveted “Fed 100″ award for his work on the government’s largest secure collaboration space. He’s served as Chief Architect (contractor) for BFELoB and OMB secure collaboration platforms and was responsible for strategy as well as implementation leadership of the government’s largest cross-agency identity management solution focused on multifactor auth/authz and identity assurance. He’s also helped AHIP with cybersecurity strategy development for its member insurers and is the author of the “Cybersecurity Risks” and “Conducting Digital Health Risk Assessments” chapters of the 2015 edition of “Insurance and Risk Management Strategies for Physicians and Advisors” book.