【摘要】 <正> 1 引言基于BLP模型构建的强制访问控制系统都存在一个问题:在实际应用中,存在多用户(通常是不同级别的用户)之间存在信息共享,这意味着将违反信息单向流动性原则。为了解决这样一个问题,安全操作系统中通常采用了折衷的方案:将超级用户独立于强制访问控制的约束体系之外,并由它来完更多还原

【Abstract】 In Linux management is still based on some privilege system call,and this is a great underlying threat to system. Privilege-Divided Model (PDM) comes out to solve the problem. In the model, privilege is divided into some parts,each part or several parts can only do some special task which need privilege. So the potential threat is cut down by this mechanism. This paper gives an analysis on the idea of privilege-divided,and illuminates how to design and get privilege-divided system into reality.更多还原