Privilege revocation
Encyclopedia
Privilege revocation is the act of an entity
giving up some, or all of, the privileges
they possess, or some authority
taking those (privileged) rights away.
at a granularity provided by the base system such as sandbox
ing of (to that point successful) attacks to an unprivileged user account helps in reliability
of computing services provided by the system. As the chances of restarting such a process are better, and other services on the same machine aren't affected (or at least probably not as much as in the alternative case: i.e. a privileged process gone haywire instead).
to protect the system
against misuse of itself.
Privilege revocation is a variant of privilege separation
whereby the program terminates the privileged part immediately after it has served its purpose. If a program doesn't revoke privileges, it risks the escalation of privileges
.
Revocation of privileges is a technique of defensive programming
.
the general term is often used when discussing some paper, such as a drivers licence, being voided
after a (negative) condition is met by the holder.
Entity
An entity is something that has a distinct, separate existence, although it need not be a material existence. In particular, abstractions and legal fictions are usually regarded as entities. In general, there is also no presumption that an entity is animate.An entity could be viewed as a set...
giving up some, or all of, the privileges
Privilege (Computing)
In computing, privilege is defined as the delegation of authority over a computer system. A privilege is a permission to perform an action. Examples of various privileges include the ability to create a file in a directory, or to read or delete a file, access a device, or have read or write...
they possess, or some authority
Authority
The word Authority is derived mainly from the Latin word auctoritas, meaning invention, advice, opinion, influence, or command. In English, the word 'authority' can be used to mean power given by the state or by academic knowledge of an area .-Authority in Philosophy:In...
taking those (privileged) rights away.
Information theory
Honoring the Principle of least privilegePrinciple of least privilege
In information security, computer science, and other fields, the principle of least privilege, also known as the principle of minimal privilege or just least privilege, requires that in a particular abstraction layer of a computing environment, every module must be able to access only the...
at a granularity provided by the base system such as sandbox
Sandbox (computer security)
In computer security, a sandbox is a security mechanism for separating running programs. It is often used to execute untested code, or untrusted programs from unverified third-parties, suppliers, untrusted users and untrusted websites....
ing of (to that point successful) attacks to an unprivileged user account helps in reliability
Reliability engineering
Reliability engineering is an engineering field, that deals with the study, evaluation, and life-cycle management of reliability: the ability of a system or component to perform its required functions under stated conditions for a specified period of time. It is often measured as a probability of...
of computing services provided by the system. As the chances of restarting such a process are better, and other services on the same machine aren't affected (or at least probably not as much as in the alternative case: i.e. a privileged process gone haywire instead).
Computer security
In computing security privilege revocation is a measure taken by a programComputer program
A computer program is a sequence of instructions written to perform a specified task with a computer. A computer requires programs to function, typically executing the program's instructions in a central processor. The program has an executable form that the computer can use directly to execute...
to protect the system
System software
System software is computer software designed to operate the computer hardware and to provide a platform for running application software.The most basic types of system software are:...
against misuse of itself.
Privilege revocation is a variant of privilege separation
Privilege separation
In computer programming and computer security, privilege separation is a technique in which a program is divided into parts which are limited to the specific privileges they require in order to perform a specific task...
whereby the program terminates the privileged part immediately after it has served its purpose. If a program doesn't revoke privileges, it risks the escalation of privileges
Privilege escalation
Privilege escalation is the act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user...
.
Revocation of privileges is a technique of defensive programming
Defensive programming
Defensive programming is a form of defensive design intended to ensure the continuing function of a piece of software in spite of unforeseeable usage of said software. The idea can be viewed as reducing or eliminating the prospect of Murphy's Law having effect...
.
Law terminology
In lawLaw
Law is a system of rules and guidelines which are enforced through social institutions to govern behavior, wherever possible. It shapes politics, economics and society in numerous ways and serves as a social mediator of relations between people. Contract law regulates everything from buying a bus...
the general term is often used when discussing some paper, such as a drivers licence, being voided
Void (law)
In law, void means of no legal effect. An action, document or transaction which is void is of no legal effect whatsoever: an absolute nullity - the law treats it as if it had never existed or happened....
after a (negative) condition is met by the holder.