Design for fine-grained access control in Melampus

We believe that access controls for object-oriented systems should be fine-grained and thus apply to individual methods of individual objects. Efficiently supporting this approach is a challenging task, because (at least conceptually) a check is done on every method invocation. Our design uses access control lists and exploits virtual memory facilities to make these checks run fast. The costs include an extra level of indirection for method invocation and per-user storage for preprocessed access control information.