Improving Least Privilege in Software Architecture by Guided Automated Compartmentalization

Security principles such as least privilege are among the parts of the security body of knowledge that have stood the test of time. Support for these principles at the architectural level is limited, however: there are no systematic rules for applying the principle in practice. As a result, the principles are often neglected, since applying them consistently takes considerable effort. This paper addresses this gap for the principle of least privilege in software architecture by eliciting architectural transformations that improve the least-privilege properties of an architecture while preserving its semantics.
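The following is an added illustration, not code or a metric from the paper: a toy architecture model in which one compartmentalization transformation (splitting a component into compartments granted only the permissions their own operations need) is applied, and two things are checked, namely that the observable behaviour of every operation is unchanged and that a simple, assumed privilege-exposure metric decreases. The components, operations, permission names and the metric are all constructed for this example.

```python
"""Added example (not from the paper): a 'split component' transformation on a
toy architecture model, checking semantics preservation and a privilege metric.
All names, operations and permissions below are constructed for illustration."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Component:
    name: str
    permissions: frozenset  # permissions granted to this compartment
    operations: frozenset   # operations this compartment executes


# Constructed: the permissions each operation genuinely needs to run.
OP_NEEDS = {
    "view_report":   frozenset({"db_read"}),
    "update_record": frozenset({"db_read", "db_write"}),
    "notify":        frozenset({"send_mail"}),
}


def needs_of(ops):
    """Union of the permissions required by a set of operations."""
    return frozenset().union(*(OP_NEEDS[o] for o in ops))


def exposure(arch):
    """Assumed least-privilege metric (not the paper's): for every operation,
    count the permissions its hosting compartment holds that the operation
    itself does not need. A bug reachable through that operation's input
    hands an attacker exactly those surplus permissions."""
    return sum(len(c.permissions - OP_NEEDS[op])
               for c in arch for op in c.operations)


def is_well_formed(arch):
    """Every operation is handled exactly once, by a compartment able to run it."""
    handled = sorted(op for c in arch for op in c.operations)
    if handled != sorted(OP_NEEDS):
        return False
    return all(OP_NEEDS[op] <= c.permissions for c in arch for op in c.operations)


def split_component(arch, name, new_name, ops):
    """Transformation: move `ops` out of component `name` into a new compartment
    `new_name` granted only what those operations need; the remaining component
    is re-granted only what its remaining operations need."""
    result = []
    for c in arch:
        if c.name != name:
            result.append(c)
            continue
        moved = frozenset(ops) & c.operations
        staying = c.operations - moved
        if staying:
            result.append(Component(c.name, needs_of(staying), staying))
        result.append(Component(new_name, needs_of(moved), moved))
    return result


def run(arch, op):
    """Tiny permission-enforcing executor; its results are the 'semantics'
    that a transformation must preserve."""
    for c in arch:
        if op in c.operations:
            if not OP_NEEDS[op] <= c.permissions:
                raise PermissionError(f"{c.name} lacks rights for {op}")
            return f"{op}:ok"
    raise LookupError(op)


def behaviour(arch):
    """Observable behaviour of the whole architecture over every operation."""
    return [run(arch, op) for op in sorted(OP_NEEDS)]


# Constructed starting point: one monolith holding every permission.
MONOLITH = [Component("app",
                      frozenset({"db_read", "db_write", "send_mail"}),
                      frozenset(OP_NEEDS))]

# Apply the transformation twice, each step shrinking what any single bug exposes.
SPLIT = split_component(MONOLITH, "app", "mailer", {"notify"})
FINE = split_component(SPLIT, "app", "writer", {"update_record"})

if __name__ == "__main__":
    for label, arch in (("monolith", MONOLITH), ("split", SPLIT), ("fine", FINE)):
        print(f"{label:8s} exposure={exposure(arch)} well_formed={is_well_formed(arch)}"
              f" behaviour={behaviour(arch)}")
```

The metric is deliberately crude; the point of the check is the shape of the argument, namely that a transformation is only admissible if `behaviour()` is unchanged and `is_well_formed()` still holds, and is only worth applying if `exposure()` drops.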