Introduction

Object-Oriented Security is the practice of using common object-oriented design patterns as a mechanism for access control. Such mechanisms are often both easier to use and more effective than traditional security models based on globally-accessible resources protected by access control lists. Object-oriented security is closely related to object-oriented testability and other benefits of object-oriented design.

In an object-oriented security paradigm, simply having a reference to an object implies the right to use it. Security is effected by preventing objects from obtaining references to other objects to which they should not have access. Furthermore, common object-oriented design patterns intended to prevent clients of an interface from accessing implementation details can also be used to prevent malicious code from accessing sensitive resources.

Examples of object-oriented security practices include:

  • Preventing an object from accessing another object by never giving the first object a reference to the second.
  • Restricting the usage of an object by wrapping it in a narrower interface.
  • Preventing misuse by designing an interface so that it is difficult or impossible to use incorrectly.
  • Granting only temporary access to an object by wrapping it in a revocable forwarder.
  • Logging usage of an object by a particular party by wrapping the object in a logging forwarder.
  • Sandboxing an object by not giving it any references outside of a small, known-safe set.
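The following Python script is an added illustration of the patterns in the list above; it is not code from this site. The `Notebook` resource, the wrappers, the plugin and the names used for them are all constructed for the example. Python does not enforce object-capabilities (a plugin can still reach module globals or introspection), so the script shows the design discipline the list describes: access is decided by which references an object is handed, not by a global access-control list.

```python
"""Object-oriented security patterns as in-process wrappers (added example, not the site's code).

Everything here (Notebook, the wrappers, the plugin) is constructed for illustration.
"""


class Notebook:
    """The sensitive resource: holding a reference to it grants full read/write access."""

    def __init__(self):
        self._pages = []

    def read(self):
        return list(self._pages)

    def write(self, text):
        self._pages.append(text)


class ReadOnlyNotebook:
    """Narrower interface: only read() is forwarded, so a holder cannot write.
    The underlying Notebook reference is private and never handed out."""

    def __init__(self, notebook):
        self._notebook = notebook

    def read(self):
        return self._notebook.read()


def make_revocable(target):
    """Revocable forwarder. Returns (forwarder, revoke): the party given the forwarder
    has no way to revoke, only the party holding revoke() does. After revocation every
    attribute access on the forwarder raises PermissionError."""
    cell = {"target": target}

    class Forwarder:
        def __getattr__(self, name):
            if cell["target"] is None:
                raise PermissionError("access revoked")
            return getattr(cell["target"], name)

    def revoke():
        cell["target"] = None

    return Forwarder(), revoke


class LoggingForwarder:
    """Logging forwarder: records (party, method) for every call made through it."""

    def __init__(self, target, party, log):
        self._target, self._party, self._log = target, party, log

    def __getattr__(self, name):
        attr = getattr(self._target, name)  # AttributeError if the interface lacks it
        if not callable(attr):
            return attr

        def logged(*args, **kwargs):
            self._log.append((self._party, name))
            return attr(*args, **kwargs)

        return logged


def run_plugin(plugin, granted):
    """Sandboxing by construction: the plugin is called with only the references in
    `granted`; nothing else about the notebook is reachable through its arguments."""
    return plugin(**granted)


def demo():
    """Wires the patterns together: read-only -> logged -> revocable, handed to a plugin."""
    notebook = Notebook()
    notebook.write("budget: confidential")
    log = []
    logged = LoggingForwarder(ReadOnlyNotebook(notebook), party="reporting-plugin", log=log)
    forwarder, revoke = make_revocable(logged)

    def reporting_plugin(notebook):
        pages = notebook.read()          # permitted, and recorded in the log
        try:
            notebook.write("tampered")   # refused: the narrowed interface has no write()
        except AttributeError:
            pass
        return len(pages)

    count = run_plugin(reporting_plugin, {"notebook": forwarder})
    revoke()                              # the plugin's access is now withdrawn
    try:
        forwarder.read()
        revoked = False
    except PermissionError:
        revoked = True
    return {"count": count, "log": list(log), "revoked": revoked, "pages": notebook.read()}


if __name__ == "__main__":
    print(demo())
```

The plugin never sees the `Notebook` itself, only a chain of wrappers, so the log shows exactly which party called which method and `revoke()` can cut the plugin off later without changing the plugin or the resource.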

Object-oriented security is not limited to use within object-oriented programming languages. The same principles can apply in a broader context. For instance, objects on the web can be identified by URLs. If an object's URL is an unguessable secret, then the only way to access that object is by first obtaining its URL from some other source. With this approach, object-oriented design principles can apply to these "web objects" just as readily as they apply to programming language objects.
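As an added example of the "web object" idea (not code from this site), the Python script below mints unguessable URLs for objects and resolves them. The host `https://example.invalid`, the `Document` class and the registry are constructed for the example; the only thing granting access is knowledge of the URL, and two URLs to the same object can carry different rights.

```python
"""Capability URLs: an object is reachable only by whoever holds its unguessable URL
(added example, not the site's code; host name and classes are constructed here)."""
import secrets

BASE_URL = "https://example.invalid/obj/"   # constructed host for the example


class Document:
    def __init__(self, text):
        self.text = text

    def read(self):
        return self.text

    def write(self, text):
        self.text = text


class ReadOnlyDocument:
    """Narrower interface over a Document: a URL to this wrapper grants read access only."""

    def __init__(self, doc):
        self._doc = doc

    def read(self):
        return self._doc.read()


class CapabilityRegistry:
    """Maps URL tokens to objects. The token is 32 bytes (256 bits) from the OS CSPRNG,
    so unlike a sequential id (/obj/1, /obj/2, ...) it cannot be enumerated or guessed."""

    def __init__(self):
        self._objects = {}

    def mint(self, obj):
        token = secrets.token_urlsafe(32)
        self._objects[token] = obj
        return BASE_URL + token

    def resolve(self, url):
        if not url.startswith(BASE_URL):
            return None
        return self._objects.get(url[len(BASE_URL):])

    def revoke(self, url):
        # Withdraws future resolution of this URL only; a party that already resolved
        # it keeps its object reference (a revocable forwarder would close that gap).
        self._objects.pop(url[len(BASE_URL):], None)


def demo():
    registry = CapabilityRegistry()
    doc = Document("draft v1")
    rw_url = registry.mint(doc)                    # full access
    ro_url = registry.mint(ReadOnlyDocument(doc))  # attenuated access to the same object

    registry.resolve(rw_url).write("draft v2")     # read-write holder may write
    ro_view = registry.resolve(ro_url)
    guessed = registry.resolve(BASE_URL + "1")     # a guessed URL names nothing

    registry.revoke(ro_url)                        # cut off the read-only party only
    return {
        "read_via_ro": ro_view.read(),
        "ro_can_write": hasattr(ro_view, "write"),
        "guessed": guessed,
        "ro_after_revoke": registry.resolve(ro_url),
        "rw_after_revoke": registry.resolve(rw_url).read(),
    }


if __name__ == "__main__":
    print(demo())
```

Because the URL is the credential, it has to be handled like one: the entropy comes from the CSPRNG, and the URL must not end up in places where it would be copied (access logs, referrer headers, shared screenshots). Revoking a URL is the web analogue of dropping a reference.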

Object-oriented security is fundamentally the same thing as capability-based security and the object-capability model, but stresses the fact that these design principles are already widely accepted and used in common object-oriented programming practice even where object-capabilities are not enforced. The same design patterns which make code agile, testable, and maintainable can also provide security.

This site

The purpose of this site is:

  1. To define the term "object-oriented security".
  2. To aggregate information on OOS design patterns.
  3. To help teach programmers how to write OOS software.
  4. To champion OOS projects, products, technologies, and standards.

To that end, more content will be added in the coming weeks.