An approach to safe object sharing

Citation
C. Bryce and C. Razafimahefa, An approach to safe object sharing, ACM SIGPLAN Notices, 35(10), 2000, pp. 367-381
Number of citations
25
Subject category
Computer Science & Engineering
Journal title
ACM SIGPLAN NOTICES
Journal ISSN
1523-2867
Volume
35
Issue
10
Year of publication
2000
Pages
367 - 381
Database
ISI
SICI code
1523-2867(200010)35:10<367:AATSOS>2.0.ZU;2-5
Abstract
It is essential for security to be able to isolate mistrusting programs from one another, and to protect the host platform from programs. Isolation is difficult in object-oriented systems because objects can easily become aliased. Aliases that cross program boundaries can allow programs to exchange information without using a system-provided interface that could control information exchange. In Java, mistrusting programs are placed in distinct loader spaces, but uncontrolled sharing of system classes can still lead to aliases between programs. This paper presents the object spaces protection model for an object-oriented system. The model decomposes an application into a set of spaces, and each object is assigned to one space. All method calls between objects in different spaces are mediated by a security policy. An implementation of the model in Java is presented.