The privilege control mechanism is an important component of high-assurance operating systems; it provides the system with an appropriate level of security assurance. This paper presents a multi-layered privilege mechanism implemented in the independently developed Ansheng secure operating system, which conforms to class 4, the "Structured Protection" level, of GB17859-1999. The mechanism enforces privilege control and management at three levels: user management, subject function, and program file. Its implementation makes the system satisfy security properties including the separation of role duties in RBAC, the dynamic functional separation of DTE domains, and the privilege minimization required by the POSIX standard, demonstrating that using privilege in such a controlled way can effectively guarantee the security of the system.
As an important component of high-level secure operating systems, the privilege control mechanism can provide an appropriate level of security assurance for the system. This paper presents a multi-layered privilege control mechanism implemented in Ansheng OS V4.0, a copyrighted secure operating system that satisfies all the specified requirements of criteria class 4, "Structured Protection", in GB17859-1999 (equivalent to the B2 level in TCSEC). The mechanism enforces privilege control and management at the user level, function level and program level of the system. It enables the system to implement responsibility separation with the roles defined in the role-based access control policy, dynamic functionality separation with the domains defined in the domain and type enforcement policy, and the least privilege principle required by the POSIX standard, and therefore ensures the security of the system by using privilege in such a controlled manner.