Core Security, Tampering
In a compartmentalized system architecture, an intruder who gains control of a compartment running with superuser rights, or of the compartment carrying the most responsibilities, can bring down the whole system. Many security violations become possible because system developers extend trust unnecessarily.
How can security be ensured even after some part of the program is compromised?
Assign each component the minimum privilege level it needs, following the least privilege principle. Classify the owners of processes into different trusted and untrusted groups. Design components not to trust input from other groups and to validate that input.
qmail processes run as separate users and validate data coming from other processes.
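As an added example (not from the catalog entry and not qmail's own code), the following C program sketches the pattern on Unix: a helper that moves a compartment's process to its own unprivileged user, and a strict allow-list parser for a small message format that one compartment receives from another. The `DELIVER <mailbox>` wire format, the user name `nobody`, the sample messages and the function names are constructed for this example.

```c
/* Added example (not from the catalog page or qmail): two compartments in
 * the spirit of the pattern.  A receiving compartment runs as its own
 * unprivileged user and treats every message from the front-end
 * compartment as untrusted, validating it before acting on it. */
#define _GNU_SOURCE
#include <ctype.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define MAX_LOCAL 64   /* upper bound for a mailbox name in this toy format */

/* Switch the calling process to the named user.  Supplementary groups and
 * the primary group are dropped before the uid, since setuid() alone
 * would leave them behind.  Returns 0 on success, -1 on failure. */
int drop_privileges(const char *user)
{
    struct passwd *pw = getpwnam(user);
    if (pw == NULL)
        return -1;
    if (setgroups(0, NULL) != 0)      /* clear supplementary groups */
        return -1;
    if (setgid(pw->pw_gid) != 0)
        return -1;
    if (setuid(pw->pw_uid) != 0)
        return -1;
    /* The drop must be irreversible: regaining root has to fail. */
    if (pw->pw_uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

/* Result of parsing one inter-compartment message.  Constructed wire
 * format: a single line "DELIVER <mailbox>\n" where <mailbox> is
 * 1..MAX_LOCAL characters from [A-Za-z0-9._-]. */
struct delivery {
    char mailbox[MAX_LOCAL + 1];
};

/* Parse and validate a message from another compartment.  Length,
 * framing and character set are all distrusted.  Returns 0 and fills
 * *out on success, -1 on any violation. */
int validate_message(const char *buf, size_t len, struct delivery *out)
{
    static const char prefix[] = "DELIVER ";
    const size_t plen = sizeof prefix - 1;
    size_t i, n;

    if (buf == NULL || out == NULL)
        return -1;
    /* Exactly one line: at least one mailbox char, then a final '\n'. */
    if (len < plen + 2 || buf[len - 1] != '\n')
        return -1;
    if (memcmp(buf, prefix, plen) != 0)
        return -1;
    n = len - plen - 1;               /* mailbox length without the newline */
    if (n == 0 || n > MAX_LOCAL)
        return -1;
    for (i = 0; i < n; i++) {
        unsigned char c = (unsigned char)buf[plen + i];
        /* Allow-list: anything not explicitly permitted is rejected, which
         * also covers '/', NUL, embedded newlines and control characters. */
        if (!(isalnum(c) || c == '.' || c == '_' || c == '-'))
            return -1;
    }
    /* Refuse ".", ".." and dotfile-like names even though they pass the charset. */
    if (buf[plen] == '.')
        return -1;
    memcpy(out->mailbox, buf + plen, n);
    out->mailbox[n] = '\0';
    return 0;
}

/* Convenience wrapper for a NUL-terminated message: returns the validated
 * mailbox name (in static storage) or NULL if the message is rejected. */
const char *accepted_mailbox(const char *msg)
{
    static struct delivery d;
    if (validate_message(msg, strlen(msg), &d) != 0)
        return NULL;
    return d.mailbox;
}

int main(void)
{
    /* Constructed sample messages as a front-end compartment might send them. */
    const char *samples[] = {
        "DELIVER alice\n",               /* valid */
        "DELIVER ../etc/passwd\n",       /* path-like name: rejected */
        "DELIVER alice\nDELIVER bob\n",  /* two lines in one message: rejected */
        "deliver alice\n",               /* wrong verb: rejected */
    };
    size_t k;

    /* When started as root, move to the unprivileged user before reading input. */
    if (geteuid() == 0 && drop_privileges("nobody") != 0) {
        perror("drop_privileges");
        return 1;
    }
    for (k = 0; k < sizeof samples / sizeof samples[0]; k++) {
        const char *m = accepted_mailbox(samples[k]);
        printf("message %zu -> %s\n", k, m ? m : "(rejected)");
    }
    return 0;
}
```

The receiving side never reaches for root again after `drop_privileges()`, and the parser uses an allow-list rather than trying to enumerate bad characters, so a front-end compartment that has been taken over cannot smuggle path separators or extra lines into the delivery step.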
Compartmentalization, Distributed Responsibility
Hafiz et al.
Proxy, Delegation, Access Control
Last modified: May 05, 2012 and Maintained by: Munawar Hafiz