Research on the privilege control mechanism and modeling of a high level information system

In order to satisfy the least privilege requirement of a high level information system,a mandatory access control model EPMM is proposed.The privilege of system is divided into three parts: system manager,security manager and audit manager,and none of the managers can destroy the whole system.Formal description for authorization division is presented,and the main theorems of EPMM are proven,so it can reduce the system loss caused by disabled users and abnormal operations.