The　privilege　in　the　operating　system　(OS)　often　results　in　the　break　of　confidentiality　and　integrity　of　the　system.　To　solve　this　problem,　several　security　mechanisms　are　proposed,　such　as　Role-based　Access　Control,　Separation　of　Duty.　However,　these　mechanisms　can　not　eliminate　the　privilege　in　OS　kernel　layer.　This　paper　proposes　a　Separation　of　Three　Powers　Architecture　(STPA).　The　authorizations　in　OS　are　divided　into　three　parts:　System　Management　Subsystem　(SMS),　Security　Management　Subsystem　(SEMS)　and　Audit　Subsystem　(AS).　Mutual　support　and　mutual　checks　and　balances　which　are　the　design　principles　of　STPA　eliminate　the　administrator　in　the　kernel　layer.　Furthermore,　the　paper　gives　the　formal　description　for　authorization　division　using　the　graph　theory.　Finally,　the　implementation　of　STPA　is　given.　Proved　by　experiments,　the　Separation　of　Three　Powers　Architecture　we　proposed　can　provide　reliable　protection　for　the　OS　through　authorization　division.　(C)　2012　Published　by　Elsevier　B.V.　Selection　and/or　peer-review　under　responsibility　of　Garry　Lee