Architecture of enforcement mechanisms
- Reference monitor context switches can be slow.
- Wrapper (=interpreter) can be slow.
- Program modification:
- Allows policies in terms of application abstractions.
- Pay only for what you need.
- Enforcement without context switches into kernel.
- Isolates state of enforcement mechanism.