A framework of secure object system architecture

The paper presents some basic principles for the design of secure object-oriented operating systems. Security relies on controlling the right to call an object method, and capabilities are used to implement this control. Our capabilities are named, so that security is enforced by the binding of a capability to a named entity rather than by secrecy (capabilities do not have to be kept secret), and they provide a per-entity controlled propagation scheme. The propagated capabilities can be limited in different ways for different applications. Capability implementation, creation and rights propagation are discussed. Object migration and garbage collection are presented. We also introduce the problems of time synchronization and of distributing the public key server.
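The following is an added illustration of the two properties the abstract names, a capability that is bound to a named holder (so leaking it grants nothing to anyone else) and propagation that is limited per entity; it is not code from the paper. It assumes a small model of our own: an issuer MAC (HMAC-SHA256 under a constructed key) stands in for the signature that a kernel or public key server would produce, rights are plain method-name strings, and propagation is limited by a delegation depth counter plus the rule that a holder may pass on only a subset of its own rights. All identifiers and the sample object and principal names are constructed for the example.

```python
import hmac
import hashlib
import json
from dataclasses import dataclass, replace
from typing import FrozenSet, Iterable, Optional

# Constructed issuer key. In a real system this would be the reference
# monitor's signing key, with verification keys served by the public key server.
ISSUER_KEY = b"constructed-issuer-key-for-example-only"


@dataclass(frozen=True)
class Capability:
    object_id: str            # the object the capability refers to
    holder: str               # the NAMED entity entitled to exercise it
    rights: FrozenSet[str]    # methods the holder may call on the object
    depth: int                # remaining delegation hops (propagation limit)
    tag: bytes                # issuer MAC over all fields above


def _tag(object_id: str, holder: str, rights: FrozenSet[str], depth: int) -> bytes:
    """Issuer authentication tag binding object, holder, rights and depth together."""
    msg = json.dumps([object_id, holder, sorted(rights), depth]).encode()
    return hmac.new(ISSUER_KEY, msg, hashlib.sha256).digest()


def issue(object_id: str, holder: str, rights: Iterable[str], depth: int = 2) -> Capability:
    """Create a fresh capability for a named holder (done by the trusted issuer)."""
    rights = frozenset(rights)
    return Capability(object_id, holder, rights, depth, _tag(object_id, holder, rights, depth))


def valid(cap: Capability) -> bool:
    """Reject any capability whose fields no longer match the issuer's tag (forgery or tampering)."""
    return hmac.compare_digest(cap.tag, _tag(cap.object_id, cap.holder, cap.rights, cap.depth))


def may_call(cap: Capability, caller: str, method: str) -> bool:
    """The access check at method invocation: the capability must be genuine,
    the caller must be the entity it is named for, and the method must be granted.
    A capability shown by anyone other than its holder is useless, so it need not be secret."""
    return valid(cap) and cap.holder == caller and method in cap.rights


def delegate(cap: Capability, grantor: str, grantee: str, rights: Iterable[str]) -> Optional[Capability]:
    """Controlled propagation: only the named holder may delegate, only a subset of its
    own rights, and only while delegation hops remain. The issuer re-signs for the grantee."""
    rights = frozenset(rights)
    if not valid(cap) or cap.holder != grantor or cap.depth <= 0 or not rights <= cap.rights:
        return None
    return issue(cap.object_id, grantee, rights, cap.depth - 1)


def tampered_copy(cap: Capability, extra_right: str) -> Capability:
    """A holder editing its own capability to add a right; the old tag no longer matches."""
    return replace(cap, rights=cap.rights | {extra_right})


if __name__ == "__main__":
    alice = issue("file:42", "alice", ["read", "write"])
    print("alice read:", may_call(alice, "alice", "read"))          # True
    print("leaked to mallory:", may_call(alice, "mallory", "read"))  # False
    bob = delegate(alice, "alice", "bob", ["read"])
    print("bob read/write:", may_call(bob, "bob", "read"), may_call(bob, "bob", "write"))
    print("forged rights accepted:", valid(tampered_copy(bob, "write")))  # False
```

The depth counter is one of the "different ways" propagation can be limited; an application could instead restrict delegation to a fixed set of grantees or to a time window, using the same issuer-tag mechanism to make the limit unforgeable.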