As should be familiar to a person of ordinary skill in the art of programming, the term “application” typically refers to an executable program that carries out some functions. In object-oriented programming, a class is a programming language construct used to group related fields and methods. An application may use a class to create a new instance (object) by instantiating the class. Objects define their interaction with the outside world through the methods that they expose. A method, or function, of a class is a subroutine for carrying out a specific task, often relatively independent of the rest of the code of the class. Functions are often associated with zero or more input parameters. Advantageously, executable code for an application can be loaded onto a computing device and make use of classes that are preexisting on the device. Classes are often preexisting on a device in a runtime environment executed by an operating system on the device.
The US government has identified desired functionality for an operating system in the form of a Common Criteria Protection Profile (see www.commoncriteriaportal.org). A particular item of functionality is the ability for the operating system to ensure that a given operation does not violate a defined security policy in advance of executing the given operation. For example, prior to allowing a remote user to write to a local file, the operating system should verify that all permissions are granted accordingly.
As such, those involved in creating operating systems are always interested in improving the security of their products.