Gegick and Barnum, 2005
Least Privilege
article
Authors
Gegick, M., Barnum, S.
Year
2005 (Revised 2013)
Abstract
Only the minimum necessary rights should be assigned to a subject that requests access to a resource and should be in effect for the shortest duration necessary (remember to relinquish privileges). Granting permissions to a user beyond the scope of the necessary rights of an action can allow that user to obtain or change information in unwanted ways. Therefore, careful delegation of access rights can limit attackers from damaging a system.
Citation
Gegick, M., Barnum, S., 2005. Least Privilege [WWW Document]. DHS CISA - Build Security In (US CERT Web Archive). URL https://www.us-cert.gov/bsi/articles/knowledge/principles/least-privilege (accessed 6.22.20).
This wiki is owned by Open Measure, a non-profit association. The original content we publish is licensed under a Creative Commons Attribution 4.0 International License.