Complete mediation

Every access attempt must be intercepred and determined to be accourding to security policy.

Example

Server must do every checks, because users can create or modify their own client.

References

1. (Wheeler, 2021), https://dwheeler.com/secure-programs/Secure-Programs-HOWTO/follow-good-principles.html
2. http://www.cs.cornell.edu/courses/cs5430/2017sp/l/03-principles/notes.html