What is the difference between the Principle of least privilege and the Interface segregation principle?

As far as I understand, ISP is just the projection of PoLP onto the OOD plane.

gnat
20.5k29 gold badges117 silver badges308 bronze badges
asked Sep 6, 2016 at 15:05
  • ISP is a way of implementing PoLP. Commented Sep 6, 2016 at 15:20

1 Answer

Principle of Least Privilege (PoLP) is a security principle. As a security principle, it must be enforced. It cannot assume all participants are cooperating.

Interface Segregation Principle (ISP) is an API and service design principle. As David Amo pointed out in a comment, ISP is a way to facilitate the implementation of PoLP at the API and service level. However, there are some requirements:

  • As a precondition of implementing PoLP, users of the system must be authenticated as security principals. (Do not be confused by the spelling.)
  • Each operation shall be identified with the security principal that requests it.
  • For implementers of a client (a user that is also a piece of software), the client must be designed to request the least level of privilege necessary to perform its own function.
  • The operation shall not be granted if the user does not have authorization (privilege) for that operation.
  • When implemented together with ISP, one could group together operations belonging to the same kind of privilege, and put each group of these related operations into separate interfaces.

To enforce PoLP, at least one of these, and preferably both, should be enforced:

  • An authorization check should be performed when a user requests an interface (following the design of ISP) at a different privilege level.
  • An authorization check should be performed when a user performs any operation with any interface, every time.

The finer-grained check is necessary because:

  • Authorization can be revoked at any time. It is possible that authorization is revoked after a user has gained access to an interface (following the design of ISP). Nevertheless, a user who tries to perform an operation with such an interface after revocation must be denied.
  • In certain architectures and programming environments, it is possible to circumvent interfaces by using reflection (in programming languages) or by manually crafting a message resembling a legitimate service request.

To conclude,

  • ISP can make a PoLP system design easier to use, by grouping together operations having related privilege levels.
  • ISP can make an unintended privilege violation (e.g. a mistake by a programmer implementing a client) easier to detect and correct by raising the error at the time of interface request.
  • ISP can enhance the ease of code maintenance due to the first two reasons. This benefit applies to projects that implement security principles.
  • ISP alone does not meet the requirements of PoLP, or any security principle, as it is easily circumvented and therefore inadequate for any security purpose.
  • PoLP has its own implementation requirements, along with a whole suite of other design patterns.
Robert Harvey
201k55 gold badges469 silver badges682 bronze badges
answered Sep 6, 2016 at 15:46
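The two checks the answer describes (a coarse one when an interface is requested, a fine-grained one on every operation) and the revocation case it warns about, as an added Python example that is not part of the original question or answer. The interface names, the privilege strings and the principal "alice" are constructed for illustration.

```python
from abc import ABC, abstractmethod
class PermissionDenied(Exception): pass

# ISP: one interface per kind of privilege; every operation names its security principal.
class Reader(ABC):
    @abstractmethod
    def read(self, principal, key): ...

class Writer(ABC):
    @abstractmethod
    def write(self, principal, key, value): ...
REQUIRED_PRIVILEGE = {Reader: "read", Writer: "write"}  # constructed privilege names

class AuthorizationStore:  # current grants per principal; a grant is revocable at any time
    def __init__(self):
        self._grants = {}
    def grant(self, principal, privilege):
        self._grants.setdefault(principal, set()).add(privilege)
    def revoke(self, principal, privilege):
        self._grants.get(principal, set()).discard(privilege)
    def require(self, principal, privilege):
        if privilege not in self._grants.get(principal, set()):
            raise PermissionDenied(f"{principal} lacks {privilege}")

class KeyValueService(Reader, Writer):  # every operation re-checks (fine-grained check)
    def __init__(self, authz):
        self._authz, self._data = authz, {}
    def request_interface(self, principal, iface):
        # Coarse-grained check when an interface is requested: fails early and clearly.
        self._authz.require(principal, REQUIRED_PRIVILEGE[iface])
        return self  # the handle carries no privilege; the checks live in the operations
    def read(self, principal, key):
        self._authz.require(principal, "read")
        return self._data.get(key)
    def write(self, principal, key, value):
        self._authz.require(principal, "write")
        self._data[key] = value

def stale_handle_is_denied():
    authz = AuthorizationStore()
    svc = KeyValueService(authz)
    authz.grant("alice", "write")
    writer = svc.request_interface("alice", Writer)  # coarse check passes
    authz.revoke("alice", "write")                   # revoked after the handle was issued
    try:
        writer.write("alice", "k", "v")              # same handle: must now be denied
    except PermissionDenied:
        return True
    return False
```

Because the check sits in each operation rather than in the handle, calling the service directly (the circumvention the answer mentions) is denied the same way as calling through a stale handle.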
