Principle of Least Privilege
The principle of least privilege proscribes unnecessary resources.
Resources
Resources are defined here as anything available to a system. Something not available to a system is not a resource. In this context the term “available resource” is redundant, and the term “unavailable resource” is a contradiction. Defining resources in this manner affords the opportunity to employ the word “resource” as a predicate in logic.
Resources categorized
Resources can be categorized by intent. Intended resources are those that we as stewards of a system intend for its use. Unintended resources are those not intended for a system’s use.
Resources can also be categorized by knowledge. Known resources are those a system’s stewards know about. Unknown resources are those a system’s stewards do not know about.
Categories combined
Resource categories can be combined.
- Intended Known
  - Intended known resources are those we both know about and intend for a system to use.
- Intended Unknown
  - There are resources that we expect to exist for the normal operation of a system. Operating systems contain a multitude of beneficial and necessary resources that stewards trust exist without explicitly knowing what they are.
- Unintended Known
  - Known resources that are not intended for use by a system can be overlooked. We may not intend for a system to make use of them, but because they are resources the potential exists that it may.
- Unintended Unknown
  - In the large world of modern OSes, networks, etc. there may exist resources that stewards neither know about, nor—if they were known—would intend for a system to use. Certainly there are far too many candidates to explicitly prevent each one from becoming a resource. Both their number and their complexity preclude a total manifest of every potential resource. Many remain unknown, and their use by a system may have unforeseen consequences.