Fine-grained access control in a transactional object-oriented system

Abstract

We believe that access controls for object-oriented systems should be fine-grained and thus apply to individual methods of individual objects. The efficient support of fine-grained access control is challenging because a check is done on every method invocation. We present a design that uses access control lists (ACLs) and exploits virtual memory facilities to make these checks run fast. The costs include an extra level of indirection for method invocation and per-user storage for preprocessed access control information. Given a choice between immediacy of revocation and serializability of transactions, we selected a compromise that uses a nested top-level transaction for each invocation of an ACL method.