Applications involving cooperation between several users are often expressed in terms of operations on shared objects. The challenge is to provide adequate access to shared objects for cooperating principals while maintaining the required level of integrity and privacy for objects. We assume an open system environment populated with distributed and potentially shareable and persistent objects. Security mechanisms should be independent of application programs, ensuring the security of data objects regardless of the programs that are used to access them. In general, we need the ability to control access at the level of each of the operations of an object.We present a security model that reflects the structure of cooperative work, enabling users' security policies and other task requirements to be translated directly into access rights for those shared objects whose protection must be guaranteed for the successful outcome of cooperative tasks. Our model is derived from a study of some cooperative tasks in the real world [5]. The model is based on notions of group tasks, organisational roles and delegation. We consider briefly the implications of our security model for operating system design in the context of a shared object system based on a distributed shared memory model [1].

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Jacques Mossière , Xavier Rousset de Pina, Single address space or private address spaces?, Proceedings of the 6th workshop on ACM SIGOPS European workshop: Matching operating systems to application needs, September 12-14, 1994, Wadern, Germany  [doi>10.1145/504390.504410]
	2	Edward Wobber , Martín Abadi , Michael Burrows , Butler Lampson, Authentication in the Taos operating system, Proceedings of the fourteenth ACM symposium on Operating systems principles, p.256-269, December 05-08, 1993, Asheville, North Carolina, United States
	3	Butler Lampson , Martín Abadi , Michael Burrows , Edward Wobber, Authentication in distributed systems: theory and practice, ACM Transactions on Computer Systems (TOCS), v.10 n.4, p.265-310, Nov. 1992  [doi>10.1145/138873.138874]
	4	Jeffrey S. Chase , Henry M. Levy , Edward D. Lazowska , Miche Baker-Harvey, Lightweight shared objects in a 64-bit operating system, conference proceedings on Object-oriented programming systems, languages, and applications, p.397-413, October 18-22, 1992, Vancouver, British Columbia, Canada
	5	Coulouris, G.F. and Dollimore, J., Requirements for security in cooperative work: two case studies, Technical Report 671, Department of Computer Science, Queen Mary and Westfield College, May 1994.
	6	Daniel Hagimont, Protection in the Guide Object-Oriented Distributed System, Proceedings of the 8th European Conference on Object-Oriented Programming, p.280-298, July 04-08, 1994