Security is becoming an increasing concern for many reasons, not the least of which is the prevalence of networking and communications technologies making software programs remotely accessible. Traditional security enforcement models were built primarily to provide correct program isolation and access control restrictions primarily based on sequential program execution flow. In this model, a single execution security context is typically adequate as a basis for all security decisions for the executing program. This simple model has been extended to handle asynchronous operations, primarily to deal with slow data input/output (I/O) or to handle multiple independent network requests to a service. In these systems, it is fairly straightforward to create an independent security context on a new execution thread.
Software programs and the underlying hardware platforms used to execute software programs, however, are becoming increasingly complex and may use programming and execution techniques which create highly dynamic interactions between relatively short sequential execution program fragments. Such software programs may use static or dynamic scheduling of tasks onto concurrent processing threads in order to take advantage of multiple processors. This results in the security context for a program fragment potentially depending on the security contexts from multiple independent execution threads. Accordingly, there may be a need for improved security enforcement techniques to accommodate these and other new programming and execution paradigms.