Least operating system privilege

Explanation: The least-privilege principle calls for the operating system to grant programs/processes only those privileges required for them to carry out their specified functions.

Vulnerabilities addressed: Addresses exploitation of over-privileged processes.

Developer resources required: Implementers must abide by the constrained design and avoid granting, in the implementation, any privileges the design does not call for.

Evaluator resources required: Automated static analysis can reveal whether privileges are enabled only where specified.

Source: www.computer.org
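
One way an evaluator could automate the check described under "Evaluator resources required", shown as an added example that is not from the source. It assumes Linux services configured through systemd unit files; the service names, the `DESIGN` table and the unit texts are constructed sample data.

```python
# Added example: compare the privileges a systemd unit allows with the design.
# DESIGN and UNITS are constructed sample data, not taken from any real system.

# Capabilities the design specifies for each service (hypothetical services).
DESIGN = {"webd": {"CAP_NET_BIND_SERVICE"}, "logd": set(), "timed": set()}

UNITS = {
    "webd": "[Service]\nUser=webd\n"
            "CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_SYS_ADMIN\n",
    "logd": "[Service]\nExecStart=/usr/bin/logd\n",
    "timed": "[Service]\nUser=timed\nCapabilityBoundingSet=\n",
}

def granted(unit_text):
    """Return (user, bounding_set); bounding_set is None if the unit sets none."""
    user, caps = "root", None          # system services run as root by default
    for line in unit_text.splitlines():
        key, sep, value = line.strip().partition("=")
        if not sep or key.startswith(("#", ";")):
            continue                   # section headers, comments, blank lines
        if key == "User":
            user = value.strip() or "root"
        elif key == "CapabilityBoundingSet":
            if value.strip().startswith("~"):
                raise ValueError("inverted (~) lists are not handled here")
            names = value.split()
            # An empty assignment resets the set; repeated lines are merged.
            caps = set() if not names else (caps or set()) | set(names)
    return user, caps

def audit(design, units):
    """Map each service to the privileges it holds beyond the design."""
    findings = {}
    for name, text in units.items():
        user, caps = granted(text)
        allowed = design.get(name, set())
        issues = []
        if caps is None:
            if user == "root":
                issues.append("runs as root with no CapabilityBoundingSet")
        else:
            # The bounding set is the upper limit of what the service can hold.
            issues += [f"excess capability {c}" for c in sorted(caps - allowed)]
        if issues:
            findings[name] = issues
    return findings

if __name__ == "__main__":
    for service, issues in audit(DESIGN, UNITS).items():
        print(service, "->", "; ".join(issues))
```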