【正文】 literature the notion of SoD first appeared in Saltzer and Schroeder under the name “separationof privilege”. ? 1992： In one of the earliest papers on RBAC, Ferraiolo and Kuhn used the terms static and dynamic SoD to refer to static and dynamic enforcement of SoD. ? 1995： Ferraiolo et al. defined static SoD as: “A user is authorized as a member of a role only if that role is not mutually exclusive with any of the other roles for which the user already possesses membership.” SoD簡介 ① ssod definition ② smer definition SoD簡介 ? The dangers with equating SMER constraints with SoD policies is ① A danger with equating SMER constraints with SoD policies is that the SMER constraints may be specified without a clear specification of what objectives they are intended to meet。 ② 將 SSoD從用戶權限級別轉換到用戶角色級別 ssodsmer 研究展望 ① ssod {p1 ,…,pm}, k (1≤k ≤m) 是否能夠完全滿足靜態(tài)職責分離要求？ ② smeur,smeru,smepu,smepr,smeou,smeop,smeor均是 P問題，是否可借鑒 ssodsmer。 ? 最簡單形式： {u1,u2},{r1},r1不能同時指派給用戶 u1和 u2. ? 四種類型： ① 一個 user一個 role： {u1},{r1} ② 一個 user多個 role： {u1},{r