Impose Privilege-Divided Policy on Security-Enhanced Operation System
安全操作系统中系统分权的实现

In Linux management is still based on some privilege system call,and this is a great underlying threat to system. Privilege-Divided Model (PDM) comes out to solve the problem. In the model, privilege is divided into some parts,each part or several parts can only do some special task which need privilege. So the potential threat is cut down by this mechanism. This paper gives an analysis on the idea of privilege-divided,and illuminates how to design and get privilege-divided system into reality.