The Principle of Least Privilege for Account Security

Speed up your developers' work and reduce accidental overwriting of copywriting or translation content. Working with a huge team of developers across multiple translation projects can be time intensive and costly. Today we released the second part of Phrase’s advanced user management.

In this article, we will see how Phrase can help you provide additional security for your projects by employing the principle of least privilege (PoLP). But first, let’s discuss what this principle is about.

The Principle of Least Privilege Revealed

The principle of least privilege (PoLP), also known as the principle of least authority, is a core concept in computer security: a user account should carry only the privileges its job actually requires. If that sounds a bit too abstract, imagine a simple scenario. You are leaving for a business trip and ask your friend Jim to go to your home and feed your cat. But he has to enter your apartment somehow, right? If you don’t want to bother, you would simply hand Jim your whole bunch of keys and say “use this one to open the door”. Still, that would mean Jim could also drive your car, open your safe, enter your office and so on.

Of course, you are confident Jim will never do that because you trust your friend. But what happens if he, for example, loses this collection of keys? That would certainly be bad news, especially if each key has a label saying what it opens! The saner approach is to give Jim a single, unlabelled key to your apartment. Basically, that’s the principle of least privilege in action. You give Jim only the privileges he requires to perform a given task: feed your kitty. This way you reduce the potential attack surface. In our example, Jim could theoretically steal your favorite statuette from the kitchen, but he couldn’t drive your car or visit your office and read private documents.

The Principle of Least Privilege from the IT Perspective

We can now formulate yet another explanation of the principle of least privilege. It dictates that any entity (be it your friend Jim, a user account, or a computer process) should have only the bare minimum access rights required to fulfill its purpose. Granting any additional access rights “just in case” violates this principle, so if an entity does not need some permission, you revoke it. Now we can apply the principle of least privilege to the IT sphere.

Suppose you want to hire a content manager to post new articles for your news website. Ask yourself: what permissions does the content manager require? Obviously, he or she should be able to create new materials. Also, s/he will probably need to edit these materials. However, your content manager does not need permission to modify the site’s source code, edit its global settings, or manage other users.

Having implemented this scheme, you are once again reducing the attack surface. By “attack surface” I mean the parts of the system that may be reached and abused. It also relates to the potential harm caused to your system if the user decides to go rogue or if his/her account is compromised. In our case, the worst scenario would be the creation of fake articles or the addition of random data to existing ones. Still, if your website has a pre-moderation system (a dedicated editor checks new articles before they are published), the potential harm can be reduced further.

… and Operating Systems Too!

The principle of least privilege is implemented in operating systems as well. If you work on Windows, you have probably seen User Account Control (UAC) dialog boxes many times. Usually it asks whether you really want to perform some action. This is once again the principle of least privilege in action. Normally you work with regular user permissions, and when some action requires elevated access rights, you are explicitly asked whether you want to permit it. UAC helps to limit the propagation of malware in your system, which is definitely a good thing.

If you work on Linux, you meet PoLP often as well. Specifically, when you need to perform an admin action, you have to type sudo and then enter your password. In all other instances, your account has limited access rights. By the way, that’s why they say “don’t work under a root account”: it has full access rights, and usually you don’t require such broad permissions.

Concluding Observations

The principle of least privilege is one of the recommended practices in information security. In many cases, its application is rather simple and, in general, involves two main steps:

  • Understanding what functions the given entity will be carrying out. Usually this is quite obvious, but responsibilities may change over time, so a regular audit of granted permissions is recommended.
  • Finding out which access rights you need to grant. This means, in turn, that you have to be familiar with your system and understand how it works. Without this knowledge, you won’t be able to deduce what level of access will be sufficient in the given case. Remember that it’s important not to grant too many permissions, while also not granting too few. In the first case, you are violating the principle and increasing the potential attack surface. In the latter, you partially or fully prevent the given entity from carrying out its duties. To streamline this process, a role-based approach is recommended. It involves creating a handful of typical roles, each with a fixed set of assigned permissions. Of course, in some cases you may still need more granular control over the assigned permissions, but role-based access control is nevertheless really helpful.

The Principle of Least Privilege in Phrase

Now let’s see how Phrase helps you enforce the principle of least privilege in your projects. Suppose you would like a developer to participate in one of your translation projects. Following PoLP, you should assign the new user permissions to access only this exact project, not all of them. And that’s what Phrase allows you to achieve: you may invite collaborators to specific projects directly instead of giving them full access to each and every project.

This gives collaborators direct access to the project they contribute to, while project management stays in control of the access levels. Developers are able to read and write all locales, style guides and blacklisted keys in the translation project they were invited to, and nothing outside it.
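To make the role-based approach from the previous section and the per-project invitations described here concrete, the following is an added example (not Phrase’s own code; the role and permission names are hypothetical, modelled on the page’s content-manager, developer and translator examples). It shows default-deny checks scoped to a project, plus an audit helper that flags grants a user never exercised, which is the “regular audit” the page recommends.

```python
from dataclasses import dataclass, field

# Hypothetical role -> permission sets, modelled on the page's examples:
# a content manager only creates/edits articles; developers and translators
# get locale access; "admin" is the whole bunch of keys the page warns against.
ROLES = {
    "content_manager": {"article:create", "article:edit"},
    "developer": {"locale:read", "locale:write", "style_guide:read",
                  "style_guide:write", "blacklist:read", "blacklist:write"},
    "translator": {"locale:read", "locale:write"},
    "admin": {"*"},
}


@dataclass(frozen=True)
class Grant:
    role: str
    project: str  # project id, or "*" for every project


@dataclass
class User:
    name: str
    grants: list = field(default_factory=list)


def is_allowed(user: User, permission: str, project: str) -> bool:
    """Default deny: allow only if one grant covers both the project and the permission."""
    for g in user.grants:
        if g.project not in ("*", project):
            continue  # invited to a different project: out of scope here
        perms = ROLES.get(g.role, set())
        if "*" in perms or permission in perms:
            return True
    return False


def unused_grants(user: User, activity: list) -> list:
    """Audit helper: project-scoped grants the user never exercised.

    `activity` is a list of (permission, project) pairs from an access log;
    grants that were never needed are candidates for revocation.
    """
    touched = {project for _, project in activity}
    return [g for g in user.grants if g.project != "*" and g.project not in touched]


if __name__ == "__main__":
    jim = User("jim", [Grant("developer", "proj-a"), Grant("developer", "proj-b")])
    print(is_allowed(jim, "locale:write", "proj-a"))  # True: invited to proj-a
    print(is_allowed(jim, "locale:write", "proj-c"))  # False: never invited
    print(is_allowed(jim, "user:manage", "proj-a"))   # False: not a developer permission
    # constructed access log: Jim only ever worked on proj-a, so proj-b is flagged
    print(unused_grants(jim, [("locale:read", "proj-a"), ("locale:write", "proj-a")]))
```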

In order to invite someone to a project, follow these simple steps:

  1. Open your dashboard
  2. Click “People” in the top menu
  3. Press “Invite User”
  4. Enter his or her e-mail
  5. Choose a role. To limit the user to specific projects, choose either “developer” or “translator”
  6. Choose projects to give access to
  7. Press “Invite User”
  8. That’s it!

To learn more about user management in Phrase, check out “Working on localization projects efficiently, together (Part 1)”.


Author: Manuel, Head of Engineering at Phrase