"In information security, computer science, and other fields, the principle of least privilege (also known as the principle of minimal privilege or the principle of least authority) requires that in a particular abstraction layer of a computing environment, every module (such as a process, a user, or a program, depending on the subject) must be able to access only the information and resources that are necessary for its legitimate purpose"
What is principle of least privilege (POLP)? - Definition from WhatIs.com
Capability-based security - Wikipedia, the free encyclopedia
AppLocker (Windows 10)
"AppLocker helps you control which apps and files users can run. These include executable files, scripts, Windows Installer files, dynamic-link libraries (DLLs), packaged apps, and packaged app installers."
Lock down Windows 10 to specific apps (Windows 10)
Device Guard overview (Windows 10)
"Device Guard is a combination of enterprise-related hardware and software security features that, when configured together, will lock a device down so that it can only run trusted applications. If the app isn’t trusted it can’t run, period."