职责分离

研究了在Alloy中表达职责分离约束、用户资质约束和执行风险约束的方法，并讨论了验证这些约束的可满足性、分析与安全需求相匹配程度的方法。

We study the method of expressing separation of duty constraint 、 qualification constraint of users and enforcement risk constraint in Alloy , discuss the methods of verifying the satisfiability of these constraints and analyzing the degree at which security constraints match security requirement .

RBAC-GP实现了职责分离原则和权限最小化原则，能有效防止权限滥用；

RBAC-GP realizes the principle of separation of duty and the principle of minimum privileges , so it can prevent from abusing privileges .

然后描述了一个工作流授权模型，并结合职责分离原则（SoD），提出了具有动态SoD限制的授权模型。

Then the workflow authorization model was described . As well the authorization model was presented by integrating with separation of duties ( SoD ) .

RBAC模型直接支持三个基本的安全原则：职责分离、最少权限和数据抽象。

The RBAC Model directly supports three well-known security principles : separation of duties , least privilege , and data abstraction .

另外，这个解决方案支持职责分离，原因是它的运行独立于由DBAs管理的数据库驻留实用程序。

Plus , the solution supports separation of duties , because it operates independently of database-resident utilities that are managed by DBAs .

一种基于Clark-Wilson模型的职责分离算法及应用

A Method to Separate the Duties and its Application Based on Clark-Wilson Model

四眼原则（The4-eyesprinciple），通常又被称为“职责分离”，它是决策由多人彼此独立作出时的一个常见场景。

The4-eyes principle , often referred to as " separation of duties ," is a common scenario when a decision is made by two or more people independently of one another .

本文提出和实现了一种基于Clark-Wilson模型的职责分离算法，该算法主要用于分散过于集中的权限。

In this paper , a method to separate the duties based on Clark-Wilson model is put forward and realized .

该文提出一种支持动态约束的Clark-Wilson模型，并进一步对该模型的良构事务和职责分离规则进行了描述。

In this paper a dynamic constrained Clark-Wilson model is proposed and the principle of well-formed transaction and the principle of duty separation are described .

虽然今年年初的股东投票材料中写道：“公司更倾向于董事会主席与CEO的职责分离的治理结构，因为这种结构将使公司CEO致力于商业策略与运营。”但文件下文却变得模棱两可。

While the shareholder voting materials earlier this year said that , " The Board 's preferred governance structure is to separate the roles of Chairman and CEO because it allows our CEO to focus primarily on our business strategy and operations , " later on , the same document equivocates .

详细介绍了模型中的几种委托约束条件：先决条件、职责分离约束、时间约束、委托深度约束、CWSP约束，并给出了CWSP约束判定的两个重要算法。

Delegation constraint conditions in the model are introduced in detail , including prerequisite condition , separation of duty constraint , time constraint , delegation depth constraint , CWSP constraint ; and two important algorithm in the process of CWSP judgement are proposed . 3 .

带有空间特性的角色访问控制模型Spatial-RBAC规定系统达到必要的安全要求须满足一定的空间约束，即空间区域约束、空间角色激活基数约束和空间职责分离约束。

In order to achieve the necessary safety requirements , the role-based access control model Spatial-RBAC , with the spatial characteristics , must meet the three constraints : the constraint on spatial region , the spatial separation of duty constraint and the constraint on cardinality of spatial role activation .

基于角色的访问控制中职责分离的设计与实现

Design and Implementation of Separation of Duties in Role-Based Access Control

多域间动态角色转换的职责分离

Separation of Duty in Dynamic Role Translations Between Administrative Domains

法规遵从性的另一个特征是职责分离。

Another aspect of regulatory compliance is separation of duties .

开发者和团队之间更好的职责分离。

Better separation of responsibilities between developers and teams .

然而，该标准仅支持一种约束，即职责分离约束。

But the standard supports only one constraint type , namely separation of duty .

然后基于职责分离的思想，提出了完全消除冲突的策略。

The policy based on the separation of duty is proposed to eliminate the conflict .

一个带有时间特性的职责分离模型

A Time-Based Separation of Duty Model

角色互斥实现访问控制模型职责分离原则

The Implement of the Principle of Separation of Duties in Access Control Model Based on Exclusive Role

讨论了模型体系结构，承诺担保机制，授权职责分离以及访问控制。

Its architecture , promise & assurance mechanism , separation of duties of authorization and access control are discussed .

在安全约束上，主要考虑了职责分离约束和职责绑定约束。

In the aspect of security constraints , we mainly consider separation of duty and binding of duty constraints .

模型中引入权限冲突、任务冲突、角色冲突等实体关系来描述职责分离。

Concepts of conflicting permissions , conflicting tasks , and conflicting roles are proposed to describe the separation of duty .

本文从以下几方面介绍了基于角色的访问控制：概述，定义，最小特权策略，职责分离和结论。

This paper introduces RBAC as follows : Introduction , definition , Principle of Least Privilege , Separation of Duties and Conclusions .

角色互斥是实现职责分离的一种重要方法。介绍了角色互斥的特征，以及利用角色互斥达到职责分离的充分必要条件。

This paper explores some aspects of mutual exclusion of roles , necessary and sufficient conditions for separation of duty to hold .

例如，职责分离安全约束要求一定数量的用户共同执行特定的敏感任务，用于防范用户的欺诈行为。

For example , separation of duties requires sensitive tasks should be accomplished together by a certain amount of users in order to prevent fraud .

职责分离是基于角色的访问控制的特征之一，也是许多商用系统和军用系统的一个重要要求。

Separation of duty is an important property of role-based access control ( RBAC ) and a necessary request of both commercial and military systems .

对角色的授权约束加入空间特性，使之能够形式化描述多个层面的空间职责分离约束，从而适用于无线网络的应用环境。

This paper also extends a role-based authorization constraint model to describe constraints with spatial character on different levels , which is suited for wireless network .

不要低估老一套的、非技术的控制，它们在金融机构中一直行之有效：职责分离、强迫雇员休假、双重控制系统等等。

Don 't underestimate the old-fashioned , non-technical controls that have served financial institutions well : separation of duties , forcing employees to take vacations , dual-control systems , etc.

虽然队列管理器可以履行多种角色，但是职责分离应该在队列级别进行，最好是在队列名称中使用功能标识符来实现。

While the queue manager can fulfill multiple roles , the segregation of responsibility should occur at the queue level , preferably with a function identifier in the queue name .