Least privilege: a process (or user) should hold no more privilege than the task at hand requires; grant rights for the task, not for everything the subject might ever need.
Separation of duties: a sensitive task is split into steps that require different privileges, granted to different people, so that no single person can complete (or abuse) it alone.
Administrator account: unrestricted access, unlimited privileges, hence an attractive target and a single point of compromise. Prefer assigning specific administrative authorizations to individual accounts: this gives individual accountability (every action traces to one person) and a more granular distribution of authorizations. No shared accounts.
Granularity of authorizations:
  coarse-grained (eg. per file, enforced by the OS): creation, deletion, modification, utilization (eg. execute), access (to attributes), manage (change authorizations)
  fine-grained (eg. per record)
Authorizations granted to groups (fewer entries to manage) or to individuals (finer control, clearer accountability).
Centralized or distributed management of authorizations.
Authorization as resource-based (each resource carries who may do what to it, eg. an access control list) vs. role-based (rights attach to roles, principals are assigned roles). List-based (enumerate the permitted subject/action pairs) vs. rule-based (evaluate a rule against the request, eg. ownership, time of day, separation of duties).
Authorization server: an integrated enterprise authorization service requires that every function needing a privilege consult one centralized authorization service to decide whether the privilege should be granted. One decision point means one policy to review and one place to log every decision; it also becomes a single point of failure and of attack, so it must itself be tightly protected.
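As an added example (not from these notes), the following Python sketch of a centralized authorization server combines the mechanisms above: list-based ACL entries on a resource, role-based grants, a rule-based separation-of-duties check at record granularity, a specific "manage" authorization held by one named account instead of a shared superuser, and an audit trail keyed to individual accounts. All principals, roles, resources and the "approve" action are invented for illustration; roles here grant rights globally, which is a simplification.

```python
# Added example, not from the notes: a toy centralized authorization service.
# All principals, roles, resources and the "approve" action are invented.
from dataclasses import dataclass, field
from typing import Callable, Optional

# Coarse-grained rights, roughly what an OS grants per file.
CREATE, DELETE, MODIFY, EXECUTE, ACCESS, MANAGE = (
    "create", "delete", "modify", "execute", "access", "manage")


@dataclass(frozen=True)
class Request:
    principal: str
    action: str
    resource: str
    record: Optional[str] = None   # None = whole resource (coarse grain)


@dataclass
class Resource:
    acl: dict                                    # list-based: principal/group -> rights
    records: dict = field(default_factory=dict)  # fine grain: record id -> data


# A rule inspects a request and returns a denial reason, or None to pass.
Rule = Callable[["AuthzServer", Request], Optional[str]]


class AuthzServer:
    """Single point of decision: every privileged function asks here."""

    def __init__(self):
        self.roles: dict[str, set] = {}      # role -> rights (role-based)
        self.members: dict[str, set] = {}    # principal -> roles and groups
        self.resources: dict[str, Resource] = {}
        self.rules: list[Rule] = []          # rule-based checks
        self.audit: list[tuple] = []         # who / what / outcome, per individual

    def grant_role(self, role, rights):
        self.roles[role] = set(rights)

    def assign(self, principal, *roles):
        self.members.setdefault(principal, set()).update(roles)

    def add_resource(self, name, acl):
        self.resources[name] = Resource(acl=dict(acl))

    def add_rule(self, rule):
        self.rules.append(rule)

    def rights_for(self, principal, resource):
        """Union of list-based (ACL) and role-based grants for this principal."""
        names = {principal} | self.members.get(principal, set())
        rights = set()
        for n in names:
            rights |= resource.acl.get(n, set())   # ACL entry for user or group
            rights |= self.roles.get(n, set())     # rights carried by a role
        return rights

    def decide(self, req):
        reason = self._evaluate(req)
        self.audit.append((req.principal, req.action, req.resource, req.record, reason))
        return reason == "allow", reason

    def _evaluate(self, req):
        res = self.resources.get(req.resource)
        if res is None:
            return "deny: unknown resource"            # default deny
        if req.record is not None and req.record not in res.records:
            return "deny: unknown record"
        if req.action not in self.rights_for(req.principal, res):
            return f"deny: no {req.action} right"
        for rule in self.rules:
            reason = rule(self, req)
            if reason:
                return "deny: " + reason
        return "allow"


def separation_of_duties(server, req):
    """The person who submitted a record may not be the one who approves it."""
    if req.action == "approve" and req.record:
        rec = server.resources[req.resource].records[req.record]
        if rec.get("submitted_by") == req.principal:
            return "separation of duties: submitter cannot approve"
    return None


def build_demo():
    """Constructed sample policy; every name below is invented."""
    s = AuthzServer()
    s.grant_role("clerk", {CREATE, MODIFY, ACCESS})
    s.grant_role("approver", {"approve", ACCESS})
    s.grant_role("acl_admin", {MANAGE})     # one specific admin right, not a superuser
    s.assign("alice", "clerk")
    s.assign("bob", "approver")
    s.assign("carol", "acl_admin")
    s.assign("dave", "clerk", "approver")   # both duties, so the rule must separate them
    s.add_resource("payments", {"finance": {ACCESS}})
    s.resources["payments"].records["p1"] = {"submitted_by": "alice", "amount": 900}
    s.resources["payments"].records["p2"] = {"submitted_by": "dave", "amount": 50}
    s.add_rule(separation_of_duties)
    return s


if __name__ == "__main__":
    s = build_demo()
    for r in (Request("bob", "approve", "payments", "p1"),
              Request("dave", "approve", "payments", "p2"),
              Request("bob", MANAGE, "payments"),
              Request("carol", MANAGE, "payments")):
        print(r.principal, r.action, r.record, "->", s.decide(r)[1])
```

Because every check goes through `decide`, the audit list is a complete record of who asked for what and why it was refused, which is exactly the accountability that a shared administrator account destroys. Note that dave, who holds both the clerk and approver roles, is still blocked from approving his own submission by the rule, while he can approve alice's.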
Outside intruder: starts with no authorization and must obtain some to reach the goal.
Inside intruder: already holds (often too much) authorization, so least privilege and separation of duties are the main defences against this case.