
Computer Engineering ›› 2007, Vol. 33 ›› Issue (09): 52-54.

• Degree Paper •

Separation of Duty Model Based on Chinese Wall Security Policy

LIN Honggang1,2, DAI Zongkun1   

  1. Information Security Institute, Sichuan University, Chengdu 610064; 2. School of Mathematics, Sichuan University, Chengdu 610064
  • Received:1900-01-01 Revised:1900-01-01 Online:2007-05-05 Published:2007-05-05


Abstract: Separation of duty (SoD) is a fundamental means of preventing fraud and errors in a system. Based on the Chinese Wall security policy, this paper implements a history-based separation of duty model, which tracks the record of each user's previous permissions and uses it to determine the permissions currently assigned to that user. The model is formally described and analyzed, and is proved to satisfy the SoD security principle. It inherits the advantages of both the Chinese Wall security policy and the separation of duty principle, and provides a more complete access control strategy.

Key words: Separation of duty (SoD), Chinese Wall, Conflict role
