Enhancement of Security Management in Security Operating System
安全操作系统中的安全管理增强功能

The common operating systems have some shortcomings in self-protecting and control of management. In this paper, a Privilege-Divided Model (PDM) designed by the author and his collegues is introduced in detail. According as the Least-privirege principle,PDM divides the privilege set of the former super-user into fractions and substitute the single super-user as several manager. PDM also adopts the mechanism of Capability and Voting. The inplementation of privilege-divided from management layer to kernel layer in a security enhanced operating system SoftOS will also be presented.