HOME

TheInfoList



Click Here for Items Related To - privilege revocation (computing)
OR:
privilege revocation (computing) on:   [Wikipedia]   [Google]   [Amazon]

{{no footnotes, date=December 2008 Privilege revocation is the act of an
entity An entity is something that Existence, exists as itself. It does not need to be of material existence. In particular, abstractions and legal fictions are usually regarded as entities. In general, there is also no presumption that an entity is Lif ...
giving up some, or all of, the privileges they possess, or some
authority Authority is commonly understood as the legitimate power of a person or group of other people. In a civil state, ''authority'' may be practiced by legislative, executive, and judicial branches of government,''The New Fontana Dictionary of M ...
taking those (privileged) rights away.


Information theory

Honoring the
Principle of least privilege In information security, computer science, and other fields, the principle of least privilege (PoLP), also known as the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in a particular abstraction l ...
at a granularity provided by the base system such as
sandbox A sandbox is a sandpit, a wide, shallow playground construction to hold sand, often made of wood or plastic. Sandbox or sand box may also refer to: Arts, entertainment, and media * Sandbox (band), a Canadian rock music group * Sandbox (Gu ...
ing of (to that point successful) attacks to an unprivileged user account helps in
reliability Reliability, reliable, or unreliable may refer to: Science, technology, and mathematics Computing * Data reliability (disambiguation), a property of some disk arrays in computer storage * Reliability (computer networking), a category used to des ...
of computing services provided by the system. As the chances of restarting such a process are better, and other services on the same machine aren't affected (or at least probably not as much as in the alternative case: i.e. a privileged process gone haywire instead).


Computer security

In computing security ''privilege revocation'' is a measure taken by a program to protect the
system A system is a group of interacting or interrelated elements that act according to a set of rules to form a unified whole. A system, surrounded and influenced by its open system (systems theory), environment, is described by its boundaries, str ...
against misuse of itself. Privilege revocation is a variant of
privilege separation Privilege may refer to: Arts and entertainment * Privilege (film), ''Privilege'' (film), a 1967 film directed by Peter Watkins * Privilege (Ivor Cutler album), ''Privilege'' (Ivor Cutler album), 1983 * Privilege (Television Personalities album ...
whereby the program terminates the privileged part immediately after it has served its purpose. If a program doesn't revoke privileges, it risks the escalation of privileges. Revocation of privileges is a technique of
defensive programming Defensive programming is a form of defensive design intended to develop programs that are capable of detecting potential security abnormalities and make predetermined responses. It ensures the continuing function of a piece of software under un ...
.


References


Protection Profile for Privilege-Directed Content
Authoriszor Ltd, Ref: Auth_CC/PP/DES/01, Issue 1.3, 22 December 2000
LOMAC: Low Water-Mark Integrity Protection for COTS Environments
by Timothy Fraser Information theory Computer security procedures