Distributed Responsibility
Classification Key
Core Security, Elevation of Privilege
Problem
A security failure in a compartment can change any data in that compartment. A compartment has both an interface that is at risk of a security failure and data that needs to be secure.
How can the data be kept secure when the interface that shares its compartment is at risk of failing?
Solution
Partition responsibility across components such that the components that are likely to fail do not
have critical data. Assign responsibilities in such a way that several of them need to fail in order for the whole system to fail.
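The split described above, as an added Python example that is not part of the original pattern text or of qmail's code: an exposed frontend process parses untrusted input and never holds the signing key, while the signer holds the key and re-checks whatever the frontend forwards, so both must fail before a bad request is signed. The names frontend, handle, load_key and ids are hypothetical; pass ids=(uid, gid) when running as root to give the frontend its own user.

```python
import hashlib
import hmac
import os
import re

# The signer's own narrow check; it does not rely on the frontend's parsing.
ALLOWED = re.compile(rb"[a-z0-9.-]{1,64}")

def frontend(untrusted, out_fd, ids=None):
    """Exposed component: parses untrusted input and holds no critical data."""
    if ids is not None:  # (uid, gid) of a dedicated user; needs root to switch
        uid, gid = ids
        os.setgroups([])
        os.setgid(gid)
        os.setuid(uid)
    name = untrusted.split(b"\n", 1)[0].strip()
    os.write(out_fd, name[:256])

def handle(untrusted, load_key, ids=None):
    """Run the frontend in its own process, then sign what it forwards."""
    r, w = os.pipe()
    pid = os.fork()
    if pid == 0:  # child: forked before the key is ever loaded
        os.close(r)
        try:
            frontend(untrusted, w, ids)
        finally:
            os._exit(0)
    os.close(w)
    with os.fdopen(r, "rb") as pipe:
        request = pipe.read(257)
    os.waitpid(pid, 0)
    # The signer treats the frontend as possibly compromised and re-validates.
    if not ALLOWED.fullmatch(request):
        return None
    key = load_key()  # critical data exists only in this process
    return hmac.new(key, request, hashlib.sha256).digest()

if __name__ == "__main__":
    demo_key = b"constructed-demo-key"  # constructed sample value
    for line in (b"example.org\n", b"../../etc/passwd\n"):
        tag = handle(line, lambda: demo_key)
        print(line, tag.hex() if tag else "rejected by signer")
```

In a deployment, load_key would read a file that only the signer's user can open, so the frontend's user cannot reach the key through the filesystem either.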
Known Uses
qmail programs run under separate users.
Related Patterns
Compartmentalization, Trust Partitioning
Source
Veryard et al.
Tags
Partition, Compartment, UID