When applied to users, the terms least user access or least-privileged user account (LUA) are also used, referring to the concept that all users at all times should run with as few privileges as possible, and also launch applications with as few privileges as possible.
The principle of least privilege is also known as the principle of least authority (POLA), an alternative term coined by those who consider authority to be a more precise term than privilege to represent "ability to access" in the true spirit of this concept. Specifically, authority represents all effects that a subject can directly or indirectly cause in a system, as opposed to permission, which represents the effects that can be directly caused in a single operation.
In most operating systems, such as Windows and Linux, code running in "kernel mode" always runs with maximum privileges, so no security enforcement applies to it. The principle of least privilege therefore demands a user-mode solution whenever there is a choice between a kernel-mode and a user-mode solution that provide the same results.
Least privilege is widely misunderstood and, in particular, is almost always confused with the Trusted Computer System Evaluation Criteria concept of Trusted Computing Base minimization. Minimization is a far more stringent requirement that is only applicable to the functionally strongest assurance classes, viz., B3 and A1 (which are evidentiarily different but functionally identical). Least privilege is often associated with privilege bracketing, that is, assuming necessary privileges at the last possible moment and dismissing them as soon as no longer strictly necessary, therefore ostensibly avoiding fallout from erroneous code that unintentionally exploits more privilege than is merited. Least privilege has also—and arguably incorrectly—been interpreted in the context of distribution of discretionary access control permissions, even to the point of asserting that, e.g., giving user U read/write access to file F violates least privilege if U can complete his authorized tasks with only read permission.
In an archetypal UNIX implementation, processes execute with a potential privilege set and an active privilege set. Such privilege sets are inherited from the parent as determined by the semantics of fork(). An executable file that performs a privileged function (thereby technically constituting a component of the TCB, and concomitantly termed a trusted program or trusted process) may also be marked with a set of privileges, a logical extension of the notions of set user ID and set group ID. The inheritance of file privileges by a process is determined by the semantics of the exec() family of system calls. The precise manner in which potential process privileges, actual process privileges, and file privileges interact may be quite involved. In practice, least privilege is practiced by maintaining in the active privilege set only those privileges that are strictly necessary at the time, claiming and dismissing them from the potential privilege set as appropriate. Strict adherence to this model is quite complex as well as error-prone.
Historically, the oldest instance of least privilege is probably the source code of login.c, which begins execution with super-user permissions and—the instant they are no longer necessary—dismisses them via setuid() with a non-zero argument.
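To make the privilege bracketing described above and the permanent drop performed by login.c concrete, here is an added C example. It is not code from the original article, from login.c, or from any UNIX implementation; the function names (drop_privileges_permanently, verify_dropped, run_with_privilege) are my own, and it assumes Linux with glibc, since setresuid(), setresgid() and getresuid() are not in POSIX. The two patterns differ in what remains in the "potential" set: seteuid() leaves the saved uid intact so the privilege can be reclaimed, while setting all three ids at once removes it for good.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently drop to target_uid/target_gid, the pattern login.c follows once
 * its privileged work is done.  Order matters: supplementary groups and the gid
 * go first, because once the uid is unprivileged those calls are refused.
 * Returns 0 on success, -1 on failure (errno set). */
int drop_privileges_permanently(uid_t target_uid, gid_t target_gid)
{
    /* Only root may clear supplementary groups; skip when not root. */
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    /* setresgid/setresuid set real, effective AND saved ids, so the old
     * identity cannot be recovered later with seteuid(). */
    if (setresgid(target_gid, target_gid, target_gid) != 0)
        return -1;
    if (setresuid(target_uid, target_uid, target_uid) != 0)
        return -1;
    return 0;
}

/* Verify the drop was permanent: all three uids and gids equal the target and,
 * if the process started as root, regaining uid 0 now fails with EPERM.
 * Returns 1 when verified, 0 otherwise. */
int verify_dropped(uid_t target_uid, gid_t target_gid, int started_as_root)
{
    uid_t ru, eu, su;
    gid_t rg, eg, sg;
    if (getresuid(&ru, &eu, &su) != 0 || getresgid(&rg, &eg, &sg) != 0)
        return 0;
    if (ru != target_uid || eu != target_uid || su != target_uid)
        return 0;
    if (rg != target_gid || eg != target_gid || sg != target_gid)
        return 0;
    if (started_as_root && target_uid != 0) {
        if (setuid(0) == 0 || errno != EPERM)
            return 0;
    }
    return 1;
}

/* Privilege bracketing: assume priv_uid as effective uid only for the duration
 * of op() and release it immediately afterwards.  priv_uid must be the real or
 * saved uid, i.e. it must already be in the process's "potential" set.
 * Returns op's result, or -1 if the privilege could not be assumed. */
int run_with_privilege(uid_t priv_uid, int (*op)(void *), void *arg)
{
    uid_t prev = geteuid();
    if (seteuid(priv_uid) != 0)
        return -1;
    int rc = op(arg);
    if (seteuid(prev) != 0) {
        /* Failing to release a privilege must not be ignored: continuing would
         * leave the process more privileged than intended. */
        perror("seteuid restore");
        abort();
    }
    return rc;
}

/* Constructed sample operation for the bracketing helper: records the effective
 * uid it ran under through its argument and returns a fixed code. */
static int record_euid(void *arg)
{
    *(uid_t *)arg = geteuid();
    return 42;
}

int main(void)
{
    uid_t seen = (uid_t)-1;
    int rc = run_with_privilege(getuid(), record_euid, &seen);
    printf("bracketed op returned %d, ran as euid %u\n", rc, (unsigned)seen);

    int was_root = (geteuid() == 0);
    if (drop_privileges_permanently(getuid(), getgid()) != 0) {
        perror("drop_privileges_permanently");
        return 1;
    }
    printf("permanent drop %s\n",
           verify_dropped(getuid(), getgid(), was_root) ? "verified" : "FAILED");
    return 0;
}
```

Run as an ordinary user the program drops to its own ids, which is a no-op but exercises the same calls; run as root it clears supplementary groups and can be pointed at an unprivileged target. The verification step is the part most real programs omit: a drop that silently failed (for example because setgid() was called after setuid()) leaves the process running with exactly the privileges the principle says it should have dismissed.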
According to Barnum and Gegick, another limitation is the granularity of control that the operating environment (secure operating system) has over the privileges of an individual process. In practice, it is almost never possible to control a process's access to memory, processing time, or I/O device addresses or modes with the precision needed to eliminate exactly the set of privileges we can be sure a process will not need. This further reduces the usefulness of the principle.
Peter J. Denning, in his paper "Fault Tolerant Operating Systems", set it in a broader perspective among four fundamental principles of fault tolerance.
Dynamic assignment of privileges was discussed earlier by Roger Needham in 1972.