References: Reis, Charles, and Steven D. Gribble. "Isolating web programs in modern browser architectures." In Proceedings of the 4th ACM European conference on Computer systems, pp. 219-232. 2009.
2003 USENIX Security [1]: Privilege Escalation
Services that require special privilege for their operation are critically sensitive. A programming error here may allow an adversary to obtain and abuse the special privilege.
Privilege Separation
Privilege separation: a generic approach to limit the scope of programming bugs. The basic principle of privilege separation is to reduce the amount of code that runs with special privilege without affecting or limiting the functionality of the service.
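As an added example (not from the paper or the slides): the monitor/unprivileged-child split that privilege separation describes, in Python. The forked child drops root before it parses the untrusted request, and the privileged parent accepts only one narrowly validated operation, so a parser bug in the child cannot reach the privileged side. The LOOKUP command, the user table and uid 65534 are constructed for this example.

```python
import os
import re
import socket

# Constructed stand-in for data only the privileged side may read.
PRIVILEGED_TABLE = {"alice": "/home/alice", "bob": "/home/bob"}
NAME_RE = re.compile(rb"\A[a-z0-9_]{1,32}\Z")

def drop_privileges(uid=65534, gid=65534):  # 65534: conventional "nobody"
    """Give up root (if we have it) before touching untrusted input."""
    if os.getuid() == 0:
        os.setgroups([])
        os.setgid(gid)
        os.setuid(uid)

def unprivileged_child(sock, request):
    """Unprivileged side: all parsing of the untrusted request happens here."""
    drop_privileges()
    # A parser bug here yields nothing: the child's only capability is to
    # send one fixed-format message across the socketpair to the monitor.
    fields = request.split()
    name = fields[1] if len(fields) == 2 and fields[0] == b"LOOKUP" else b""
    sock.sendall(b"LOOKUP " + name + b"\n")

def monitor(sock):
    """Privileged side: re-validates the message, serves only one operation."""
    op, _, name = sock.recv(64).rstrip(b"\n").partition(b" ")
    if op != b"LOOKUP" or not NAME_RE.match(name):
        reply = b"ERR bad request"
    else:
        home = PRIVILEGED_TABLE.get(name.decode())
        reply = b"OK " + home.encode() if home else b"ERR no such user"
    sock.sendall(reply + b"\n")
    return reply.decode()

def run_privsep(request):
    """Fork: child drops privilege and parses; parent stays the monitor."""
    parent_sock, child_sock = socket.socketpair()
    pid = os.fork()
    if pid == 0:  # child process
        parent_sock.close()
        unprivileged_child(child_sock, request)
        child_sock.close()
        os._exit(0)
    child_sock.close()
    reply = monitor(parent_sock)
    parent_sock.close()
    os.waitpid(pid, 0)
    return reply
```

The monitor's whitelist check is what keeps the attack surface small: the child may send anything, but only a well-formed LOOKUP of a known name is ever acted on with privilege.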
If you could revise the fundamental principles of computer system design to improve security... what would you change?