【正文】 literature the notion of SoD first appeared in Saltzer and Schroeder under the name “separationof privilege”. ? 1992： In one of the earliest papers on RBAC, Ferraiolo and Kuhn used the terms static and dynamic SoD to refer to static and dynamic enforcement of SoD. ? 1995： Ferraiolo et al. defined static SoD as: “A user is authorized as a member of a role only if that role is not mutually exclusive with any of the other roles for which the user already possesses membership.” SoD簡(jiǎn)介 ① ssod definition ② smer definition SoD簡(jiǎn)介 ? The dangers with equating SMER constraints with SoD policies is ① A danger with equating SMER constraints with SoD policies is that the SMER constraints may be specified without a clear specification of what objectives they are intended to meet。 ② 將 SSoD從用戶權(quán)限級(jí)別轉(zhuǎn)換到用戶角色級(jí)別 ssodsmer 研究展望 ① ssod {p1 ,…,pm}, k (1≤k ≤m) 是否能夠完全滿足靜態(tài)職責(zé)分離要求？ ② smeur,smeru,smepu,smepr,smeou,smeop,smeor均是 P問題，是否可借鑒 ssodsmer。 ? 最簡(jiǎn)單形式： {u1,u2},{r1},r1不能同時(shí)指派給用戶 u1和 u2. ? 四種類型： ① 一個(gè) user一個(gè) role： {u1},{r1} ② 一個(gè) user多個(gè) role： {u1},{r