Ver:
· http://en.wikipedia.org/wiki/Least_privilege
Principio
según el cual los sujetos deben acceder exclusivamente a aquellos objetos que
precisen inexcusablemente para ejecutar sus trabajos o procesos.
Es término
sinónimo de "necesidad de saber".
[Ribagorda:1997]
Postulado que
requiere que los sujetos de un sistema tengan habilitado, exclusivamente, el
derecho de acceso (escritura, lectura, etc.) a los objetos que ineludiblemente
requieran para cumplir las funciones del puesto que ocupan.
Es término
sinónimo de "necesidad de saber".
[Ribagorda:1997]
The principle
that a security architecture should be designed so that each entity is granted
the minimum system resources and authorizations that the entity needs to
perform its function. [CNSSI_4009:2010]
(I) The principle
that a security architecture should be designed so that each system entity is
granted the minimum system resources and authorizations that the entity needs
to do its work.
(Compare: economy
of mechanism, least trust.)
[RFC4949:2007]
This principle
requires that each subject in a system be granted the most restrictive set of
privileges (or lowest clearance) needed for the performance of authorized
tasks. The application of this principle limits the damage that can result from
accident, error, or unauthorized use. [TCSEC:1985]
Least Privilege
is the principle of allowing users or applications the least amount of
permissions necessary to perform their intended function.
http://www.sans.org/security-resources/glossary-of-terms/
Temas relacionados