
Trust Partitioning

Classification Key : Core Security, Tampering


In a compartmentalized system architecture, an intruder who takes over a compartment that runs with superuser rights, or one that carries the most responsibilities, can bring down the whole system. Many security violations become possible because system developers extend trust unnecessarily. How can security be preserved even after some part of the program is compromised?


Assign each component the minimum privilege level it needs, following the least privilege principle. Classify the owners of processes into distinct trusted and untrusted groups. Design components so that they do not trust inputs from other groups and validate those inputs before use.

Known Uses

qmail processes run as separate users and validate data coming from other processes.
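The solution and the qmail known use above both come down to three mechanisms: a per-component privilege set, distinct trust groups, and validation of every input that crosses a group boundary. The following example is added here to show those mechanisms in working code; it is not part of the catalog entry and is not qmail's code. The component names (smtpd, queue, local), the privilege labels, and the envelope format are constructed assumptions modelled loosely on a mail pipeline.

```python
"""Trust partitioning: least privilege per component, distinct trust groups,
and positive validation of anything that crosses a group boundary."""
import os
import re
from dataclasses import dataclass
from enum import Enum


class TrustGroup(Enum):
    NETWORK = "network"    # parses untrusted client traffic
    QUEUE = "queue"        # writes to the spool
    DELIVERY = "delivery"  # writes to user mailboxes


@dataclass(frozen=True)
class Component:
    name: str
    group: TrustGroup
    privileges: frozenset  # least privilege: only what this job needs


# Constructed layout (hypothetical names): three components, three trust groups.
COMPONENTS = {
    "smtpd": Component("smtpd", TrustGroup.NETWORK, frozenset({"read_socket"})),
    "queue": Component("queue", TrustGroup.QUEUE, frozenset({"write_spool"})),
    "local": Component("local", TrustGroup.DELIVERY, frozenset({"write_mailbox"})),
}


class PrivilegeViolation(Exception):
    """A component tried to use a privilege it was not assigned."""


class BoundaryViolation(Exception):
    """Data from another trust group failed validation."""


def require_privilege(component: Component, privilege: str) -> None:
    # A compromised component can only do what its own privilege set allows.
    if privilege not in component.privileges:
        raise PrivilegeViolation(f"{component.name} lacks {privilege!r}")


# Allow-list grammar for addresses; sizes bounded so a hostile peer cannot
# push oversized data through the boundary.
_ADDR_RE = re.compile(r"[A-Za-z0-9._+-]{1,64}@[A-Za-z0-9.-]{1,253}")
MAX_LINE = 998  # defensive line-length bound (constructed value)


def validate_envelope(sender: str, recipient: str, body: bytes) -> dict:
    """Positively parse an envelope received from a different trust group."""
    for label, addr in (("sender", sender), ("recipient", recipient)):
        if not _ADDR_RE.fullmatch(addr):
            raise BoundaryViolation(f"{label} address rejected: {addr!r}")
    if b"\x00" in body:
        raise BoundaryViolation("NUL byte in body")
    for line in body.split(b"\n"):
        if len(line) > MAX_LINE:
            raise BoundaryViolation("line exceeds MAX_LINE")
    return {"sender": sender, "recipient": recipient, "size": len(body)}


def cross_boundary(src: Component, dst: Component, payload: tuple, validator):
    """Hand data from src to dst. Data from another trust group is never used
    until it passes the receiving side's validator."""
    if src.group is dst.group:
        return payload  # same trust group: the producer is already trusted
    return validator(*payload)


def drop_privileges(uid: int, gid: int) -> bool:
    """Move the current process to an unprivileged uid/gid, the OS-level half
    of the pattern. Only effective when started as root; returns whether the
    switch happened and verifies it cannot be undone."""
    if os.getuid() != 0:
        return False
    os.setgroups([])
    os.setgid(gid)
    os.setuid(uid)
    try:
        os.setuid(0)
    except PermissionError:
        return True  # the drop is irreversible, as required
    raise RuntimeError("privileges could be regained after dropping them")


def ingest(sender: str, recipient: str, body: bytes) -> dict:
    """Network-facing component hands a message to the queue writer.
    Validation happens at the boundary, and each step checks its privilege."""
    smtpd, queue = COMPONENTS["smtpd"], COMPONENTS["queue"]
    require_privilege(smtpd, "read_socket")
    envelope = cross_boundary(smtpd, queue, (sender, recipient, body), validate_envelope)
    require_privilege(queue, "write_spool")
    return envelope


if __name__ == "__main__":
    print(ingest("alice@example.org", "bob@example.org", b"hello\n"))
```

The point of `cross_boundary` is that the receiving component, not the sender, decides what is acceptable; a compromised `smtpd` can feed the queue only well-formed envelopes and, because its privilege set lacks `write_mailbox`, cannot reach mailboxes directly. `drop_privileges` is the operating-system counterpart of the same idea and is only meaningful when the process starts as root.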

Related Patterns

Compartmentalization, Distributed Responsibility


Hafiz et al.


Proxy, Delegation, Access Control


Last modified: May 05, 2012

Conceived and Maintained by: Munawar Hafiz