



Trust Partitioning


Classification Key: Core Security, Tampering

Problem

In a compartmentalized system architecture, an intruder who takes over a compartment that runs with superuser rights, or one that carries most of the system's responsibilities, can go on to compromise or bring down the whole system. Many security violations become possible because system developers extend trust between components unnecessarily. How can security be preserved even after some part of the program has been compromised?

Solution

Assign each component the minimum privilege level it needs, following the least privilege principle. Classify the owners of processes into distinct trusted and untrusted groups. Design the components so that they do not trust input arriving from other groups: every component validates what it receives, even from another component of the same system, so that a compromised component can only hand its neighbors data they would have accepted from anyone.

Known Uses

qmail processes run under separate user accounts (for example, qmail-smtpd runs as qmaild, qmail-queue is setuid qmailq, qmail-send runs as qmails and qmail-rspawn as qmailr), and each validates the data it receives from the others, so a compromise of the network-facing qmail-smtpd does not hand the attacker the queue or the delivery agents.
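An added example, not from the catalog and not qmail's code, that illustrates the Solution above and the qmail-style Known Use in Python: a network-facing receiver and a queue component run in separate processes (and, when started as root, as separate users), exchange data only through a narrow frame format, and each validates its own input, so a compromised receiver can push nothing past the queue that the queue would not accept from a stranger. The function and constant names, the MAIL FROM/RCPT TO input lines, the frame format and the uid/gid values are assumptions made for illustration; the frame format is loosely modeled on, but is not, qmail's envelope.

```python
"""Trust partitioning demo: an exposed receiver and a queue component in
separate processes, each validating its own input. Added example; the
names, formats and ids below are illustrative assumptions, not qmail's."""
import os
import re
from dataclasses import dataclass

MAX_RCPTS = 50
MAX_FRAME = 64 * 1024
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,189}")


@dataclass(frozen=True)
class Envelope:
    sender: str
    recipients: tuple


class Reject(ValueError):
    """Raised by whichever component refuses its input."""


def drop_privileges(uid, gid):
    """Irreversibly drop root to uid/gid. Order matters: supplementary groups
    first, then gid, then uid. Returns False when there is nothing to drop."""
    if os.geteuid() != 0:
        return False
    os.setgroups([])
    os.setgid(gid)
    os.setuid(uid)
    try:
        os.setuid(0)  # must fail, otherwise the drop did not stick
    except PermissionError:
        return True
    raise RuntimeError("privilege drop is reversible; refusing to continue")


def check_addr(addr):
    # fullmatch, not match: a '$' anchor would let a trailing newline through
    if not ADDR_RE.fullmatch(addr):
        raise Reject("bad address: %r" % addr)
    return addr


def receiver_parse(raw):
    """Network-facing component: client bytes -> Envelope. Trusts nothing."""
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        raise Reject("non-ASCII input")
    sender, rcpts = None, []
    for line in text.splitlines():
        verb, _, arg = line.partition(":")
        if verb == "MAIL FROM" and sender is None:
            sender = check_addr(arg.strip())
        elif verb == "RCPT TO" and sender is not None:
            rcpts.append(check_addr(arg.strip()))
        else:
            raise Reject("unexpected line: %r" % line)
    if sender is None or not 1 <= len(rcpts) <= MAX_RCPTS:
        raise Reject("incomplete envelope")
    return Envelope(sender, tuple(rcpts))


def encode(env):
    """Frame handed across the trust boundary: F<sender>\\0 (T<rcpt>\\0)* \\0"""
    fields = [b"F" + env.sender.encode()] + [b"T" + r.encode() for r in env.recipients]
    return b"\0".join(fields) + b"\0\0"


def queue_accept(frame):
    """Queue component (separate user): re-validates even though the frame came
    from 'our own' receiver, because that receiver faces the network."""
    if len(frame) > MAX_FRAME or not frame.endswith(b"\0\0"):
        raise Reject("malformed frame")
    fields = frame[:-2].split(b"\0")
    if fields[0][:1] != b"F":
        raise Reject("missing sender field")
    sender = check_addr(fields[0][1:].decode("ascii", "replace"))
    rcpts = []
    for f in fields[1:]:
        if f[:1] != b"T":
            raise Reject("unexpected field")
        rcpts.append(check_addr(f[1:].decode("ascii", "replace")))
    if not 1 <= len(rcpts) <= MAX_RCPTS:
        raise Reject("bad recipient count")
    return Envelope(sender, tuple(rcpts))


def run_partitioned(raw, receiver_ids=None):
    """Run the receiver in a child (dropped to receiver_ids=(uid, gid) when we
    are root) and let the parent act as the queue, reading one frame from a pipe."""
    rfd, wfd = os.pipe()
    pid = os.fork()
    if pid == 0:                      # child: the exposed component
        os.close(rfd)
        status = 1
        try:
            if receiver_ids:
                drop_privileges(*receiver_ids)
            frame = encode(receiver_parse(raw))
            while frame:              # os.write may write less than asked
                frame = frame[os.write(wfd, frame):]
            status = 0
        except Exception:
            pass                      # the parent sees only the exit status
        finally:
            os.close(wfd)
            os._exit(status)
    os.close(wfd)                     # parent: the queue
    chunks = []
    while True:
        chunk = os.read(rfd, 65536)
        if not chunk:
            break
        chunks.append(chunk)
    os.close(rfd)
    _, st = os.waitpid(pid, 0)
    if not (os.WIFEXITED(st) and os.WEXITSTATUS(st) == 0):
        raise Reject("receiver rejected the input")
    return queue_accept(b"".join(chunks))
```

The point of the example is the second validation in queue_accept: it repeats the checks the receiver already made, because once the receiver is compromised its output is attacker-controlled, and the only frames that reach the queue are those the queue would have accepted from anyone. Run as root with receiver_ids set to an unprivileged account, the child also loses the ability to touch anything the queue owns.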

Related Patterns

Compartmentalization, Distributed Responsibility

Source

Hafiz et al.

Tags

Proxy, Delegation, Access Control



Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz