Least Privilege Principle

Alternative Forms

  • Least Privilege

Definitions

Definition 1

The Least Privilege Principle is a guiding security principle that consists of granting subjects the set of access permissions they need to execute the tasks under their responsibility, but no more.

It implies that the subject’s function or role within the organization is defined by a legitimate authority.

It implies that once a subject ceases to need these access permissions, they are revoked. Depending on the trust relationship between the organization and the subject, the subject may be required and expected to voluntarily relinquish access permissions that are no longer needed.

The goal of this guiding principle is to mitigate the operational risks linked to the undesired usage of access permissions, whether accidental or intentional, by the subjects themselves or by abusers acting through them.

Some constraints that limit the applicability of this principle are the granularity of access permissions in the information system and the capacity of the organization to dynamically translate subjects' responsibilities and needs into technical access permissions. As a consequence, the approach to using this guiding principle consists of optimizing risk given the organization's resources and constraints.

How and the extent to which this guiding principle is applied depends on an organization’s security policy and capabilities.

The Need-to-Know Principle is a special case of the Least Privilege Principle applied to Data Confidentiality.

Just-in-Time (JIT) Access is a special case of the Least Privilege Principle whereby access permissions are dynamically granted when the subject needs them, and are then dynamically revoked, further reducing the window of vulnerability.

Sample Sentences

Bob's laxity was well-known; he would validate access permission requests from nearly anyone. This was in total contradiction with the Least Privilege Principle.

Conceptual Diagram

Quotes

6.1.3 The degree to which an access control system supports the concept of least privilege

In addition to an access control mechanism’s reference mediation function, there are two other basic functions: a function to create subjects and associate these subjects with their users, and a function to associate a subject with a subset of attributes that are assigned to its user. Regardless of its implementation and the type of attributes that are deployed, reference mediation of an access control system constrains the subject and user’s requests to the capabilities that are associated with a subject’s attributes. Although a number of access control mechanisms associate a subject with each and every user attribute, in order for an access control mechanism to support the principle of least privilege, constraints must be placed on the attributes that are associated with a subject to further reduce the permissible capabilities. The organization specific least-privilege policy is described by specifying the rules composed by the basic access control elements: subjects, operations, and objects. The access control systems provide various specifying methods, which achieve different degrees of granularity, flexibility, and scope, and different groupings of the controlled resources for the least-privilege policies.
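The definition above (minimal grants, revocation once the need ends, Just-in-Time access) and the quoted passage (a subject activating only a subset of its user's attributes, with reference mediation constraining requests to those attributes) can both be seen in one small model. The following toy reference monitor is an added example written for this page; it is not code from Open Measure or from the standard quoted above. The role names, the "verb:object" permission strings, the `FakeClock`, and the sample user are all constructed assumptions.

```python
"""Toy reference monitor for the Least Privilege Principle (constructed example).

Subjects are sessions that activate only a subset of their user's roles,
permissions derive from the organisation's role -> permission mapping,
Just-in-Time grants expire on their own, and a revoked role takes effect
at the next mediation decision.
"""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Iterable, Set

Permission = str  # hypothetical "verb:object" strings, e.g. "read:payroll"

# The organisation's translation of responsibilities into technical
# permissions. Its granularity bounds how closely least privilege can be met.
ROLE_PERMISSIONS: Dict[str, FrozenSet[Permission]] = {
    "developer": frozenset({"read:source", "write:source"}),
    "payroll-clerk": frozenset({"read:payroll"}),
    "db-admin": frozenset({"read:payroll", "write:payroll", "drop:tables"}),
}


class FakeClock:
    """Deterministic clock so JIT expiry can be exercised without sleeping."""

    def __init__(self, now: float = 0.0) -> None:
        self.now = now

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


@dataclass
class User:
    name: str
    roles: Set[str]  # assigned by a legitimate authority (e.g. a line manager)


@dataclass
class Subject:
    """A session acting for a user with only some of the user's roles active."""
    user: User
    active_roles: FrozenSet[str]
    # permission -> expiry timestamp; the JIT window closes by itself
    jit_grants: Dict[Permission, float] = field(default_factory=dict)


class ReferenceMonitor:
    def __init__(self, clock) -> None:
        self.clock = clock

    def create_subject(self, user: User, roles: Iterable[str]) -> Subject:
        """Activate a subset of the user's roles; never more than the user holds."""
        requested = frozenset(roles)
        if not requested <= user.roles:
            raise PermissionError(f"{user.name} does not hold {sorted(requested - user.roles)}")
        return Subject(user=user, active_roles=requested)

    def grant_jit(self, subject: Subject, permission: Permission, ttl_seconds: float) -> None:
        """Time-boxed grant: the permission disappears when the TTL elapses."""
        subject.jit_grants[permission] = self.clock() + ttl_seconds

    def revoke_role(self, user: User, role: str) -> None:
        """Authority withdraws a role; live subjects lose it at the next check."""
        user.roles.discard(role)

    def permissions_of(self, subject: Subject) -> FrozenSet[Permission]:
        now = self.clock()
        # Drop expired JIT grants before deciding anything.
        for perm, expiry in list(subject.jit_grants.items()):
            if expiry <= now:
                del subject.jit_grants[perm]
        perms: Set[Permission] = set()
        # Only roles both activated in the session and still held by the
        # user contribute, so revocation needs no session teardown.
        for role in subject.active_roles & subject.user.roles:
            perms |= ROLE_PERMISSIONS.get(role, frozenset())
        perms |= set(subject.jit_grants)
        return frozenset(perms)

    def check(self, subject: Subject, permission: Permission) -> bool:
        """Reference mediation: allow only what the subject holds right now."""
        return permission in self.permissions_of(subject)


def demo() -> Dict[str, bool]:
    """Walk through activation, JIT grant/expiry and revocation; returns outcomes."""
    clock = FakeClock()
    rm = ReferenceMonitor(clock)
    alice = User("alice", {"developer", "db-admin"})  # constructed sample user
    session = rm.create_subject(alice, ["developer"])  # db-admin deliberately not activated
    out = {
        "dev_can_write_source": rm.check(session, "write:source"),
        "dev_cannot_drop_tables": not rm.check(session, "drop:tables"),
    }
    rm.grant_jit(session, "read:payroll", ttl_seconds=600)
    out["jit_read_payroll_open"] = rm.check(session, "read:payroll")
    clock.advance(601)
    out["jit_read_payroll_closed"] = not rm.check(session, "read:payroll")
    rm.revoke_role(alice, "developer")
    out["revoked_role_gone"] = not rm.check(session, "write:source")
    return out
```

Running `demo()` returns a dictionary in which every entry is `True`: the session holds only the developer permissions even though the user also has `db-admin`, the JIT grant vanishes once its TTL passes, and revoking the role at the user level is honoured on the very next check because mediation re-derives permissions each time instead of caching them at login.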

Bibliography

See Also


This wiki is owned by Open Measure, a non-profit association. The original content we publish is licensed under a Creative Commons Attribution 4.0 International License.