The Principle of Least Privilege
Here is the goal of access control (and security in general):
To ensure all authorized users have access to required information on demand, while denying access to unauthorized users.
In the context of access control, security controls must provide object access for all authorized subjects. The easiest way to do that is to grant full access to all objects, for all subjects. In other words, give everybody access to everything. Global access would satisfy the first part of the security goal, but not the second part of the goal. If object access is granted to everyone, it is impossible to prevent access by unauthorized users.
The Orange Book
The solution is to find the best balance between providing necessary ...
Get Security Strategies in Windows Platforms and Applications, 3rd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
