Hard principle of least privilege for fine-grained access control and computer attack mitigation


P.S. Bushmakin, A.V. Sapozhnikov, D.Yu. Gamayunov

The principle of least privilege is widely recognized in the field of operating system security. It states that an application should be granted only the minimal set of privileges necessary for normal execution. In this paper we investigate the possibility of implementing a hard principle of least privilege, in which the set of privileges available to a given application changes over time according to the actually observed path of the application's execution. We propose an implementation of the hard principle of least privilege for the Linux operating system for different types of applications, including multithreaded applications, where privilege control should be done independently for each of the application's threads. The proposed attack mitigation architecture looks especially promising for mobile security.

