SA-8(2): Least Common Mechanism

Supplemental Guidance

The principle of least common mechanism states that the amount of mechanism common to more than one user and depended on by all users is minimized (G. Popek, *The Principle of Kernel Design*, in 1974 NCC, AFIPS Cong. Proc., Vol. 43, pp. 977-978.). Mechanism minimization implies that different components of a system refrain from using the same mechanism to access a system resource. Every shared mechanism (especially a mechanism involving shared variables) represents a potential information path between users and is designed with care to ensure that it does not unintentionally compromise security (J. Saltzer and M. Schroeder, *The Protection of Information in Computer Systems*, in Proceedings of the IEEE 63(9), September 1975, pp. 1278-1308.). Implementing the principle of least common mechanism helps to reduce the adverse consequences of sharing the system state among different programs. A single program that corrupts a shared state (including shared variables) has the potential to corrupt other programs that are dependent on the state. The principle of least common mechanism also supports the principle of simplicity of design and addresses the issue of covert storage channels (B. W. Lampson, *A Note on the Confinement Problem*, Communications of the ACM 16, 10, pp. 613-615, October 1973.).