The concept of least privilege is based on the idea that a user, a program, or a process should have only the minimum privileges required to perform its necessary functions. It implies that user accounts should run with as few privileges as possible and that applications should also launch with minimal privileges. For instance, a program or a user whose sole function is to retrieve records from a database does not need administrative rights. Following the concept of least privilege is critical to enhancing the protection of data, improving fault tolerance, and protecting a system from malicious behavior. Systematic violation of the principle of least privilege has been found to be one of the main causes of security vulnerabilities (Hammad et al., 2017). The concept of least privilege is also critical in administration, as it can prevent substantial vulnerabilities in cloud computing (Puyang et al., 2017). Following the concept of least privilege is thus foundational to improving the security of a system.
The concept of least privilege can be achieved in a system through access control. Access control involves maintaining the lowest level of required access for a system. One of the main approaches is ensuring that accounts do not have administrative control of a system. Access control works by first identifying the functions of the different users and programs within a system. Users are then assigned privileges based on their functions and can only perform operations permitted by their level of privilege (Huh et al., 2016). Another approach to realizing the least privilege principle is privilege bracketing. Privilege bracketing involves temporarily raising a piece of software's privileges so that it can perform a specific function and dropping them once they are no longer necessary. Such an approach can be used to limit the risks inherent in granting privileges.
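The two mechanisms described above, function-based access control and privilege bracketing, modeled in a short added example that is not part of the original essay. The role names, privilege names, and helper functions are hypothetical, and the policy tables are constructed for illustration.

```python
from contextlib import contextmanager

# Constructed policy: privileges each role holds permanently, and the
# privileges it may acquire temporarily (bracketed). All names are hypothetical.
BASE = {"reporter": {"db.read"}, "operator": {"db.read"}}
MAY_ELEVATE = {"operator": {"db.write"}}

class Principal:
    def __init__(self, name, role):
        self.name, self.role = name, role
        self.active = set(BASE.get(role, ()))  # unknown role -> no privileges

def require(principal, privilege):
    """Access-control check: deny unless the privilege is currently active."""
    if privilege not in principal.active:
        raise PermissionError(f"{principal.name} lacks {privilege}")

@contextmanager
def bracket(principal, privilege, audit):
    """Raise one privilege for the enclosed block only, then drop it."""
    if privilege not in MAY_ELEVATE.get(principal.role, ()):
        audit.append(("denied", principal.name, privilege))
        raise PermissionError(f"{principal.role} may not acquire {privilege}")
    already_held = privilege in principal.active
    principal.active.add(privilege)
    audit.append(("raised", principal.name, privilege))
    try:
        yield
    finally:
        # Runs on normal exit and on exceptions, so a failure inside the
        # block cannot leave the privilege raised.
        if not already_held:
            principal.active.discard(privilege)
        audit.append(("dropped", principal.name, privilege))

def read_records(principal, table):
    require(principal, "db.read")
    return list(table)

def delete_record(principal, table, key):
    require(principal, "db.write")
    table.pop(key)

def purge(principal, table, keys, audit):
    """Write access is held only while the deletions run."""
    with bracket(principal, "db.write", audit):
        for key in keys:
            delete_record(principal, table, key)
```

The audit list records every raise, drop, and denied request, which gives a reviewer a trail of when elevated privileges were actually in effect.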
References
Hammad, M., Bagheri, H., & Malek, S. (2017, April). Determination and enforcement of least-privilege architecture in Android. In 2017 IEEE International Conference on Software Architecture (ICSA) (pp. 59-68). IEEE.
Huh, J. H., Bobba, R. B., Markham, T., Nicol, D. M., Hull, J., Chernoguzov, A., ... & Huang, J. (2016). Next-generation access control for distributed control systems. IEEE Internet Computing, 20(5), 28-37.
Puyang, T., Shen, Q., Luo, Y., Luo, W., & Wu, Z. (2017, May). Making least privilege the low-hanging fruit in clouds. In 2017 IEEE International Conference on Communications (ICC) (pp. 1-7). IEEE.