Abstract :
In a repetitive-transaction object-oriented system, an access control mechanism must trade off user friendliness against system performance. Because access control in object-oriented systems is applied to individual methods of individual objects, a check is performed on every method invocation and the overhead is correspondingly large. To satisfy both requirements, we present a design with the following main features: (1) the whole environment is a centrally controlled, open, object-oriented system with discretionary access control that aims to satisfy both hierarchical and non-hierarchical control requirements; (2) a rule-based method lets users describe their access control policies; (3) after a series of transformation and optimization steps, the access control policies are translated into an access control list (ACL) table with a one-to-one mapping between resource object ids and user ids; (4) finally, because an ACL table is kept in main memory for each user who repeatedly uses resource objects in the system, each authorization check needs zero or one disk access. A theoretical analysis of the time complexity of this design has been made, and we have implemented it on a high-speed workstation using UNIX, C++ and C-ISAM.
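The following C++ sketch is an added illustration of the pipeline the abstract describes (rule-based policy, expansion through group and class hierarchies, flattening into a per-user ACL table, then a memory-resident check with at most one disk access per user). It is not the paper's code. The "g:" / "c:" prefixes for groups and classes, the deny-overrides-allow resolution, the per-user load on first use, and all names and sample data are assumptions made for this example; the "disk" is simulated by an in-memory map standing in for the C-ISAM file mentioned in the abstract.

```cpp
#include <cstdint>
#include <cstdio>
#include <initializer_list>
#include <map>
#include <set>
#include <string>
#include <vector>

// Methods of an object are encoded as bits so one ACL entry covers every method.
enum Method : uint32_t { READ = 1u << 0, WRITE = 1u << 1, EXECUTE = 1u << 2 };

struct Rule {
    std::string subject;  // user id, or a group id with an assumed "g:" prefix
    std::string object;   // object id, or a class id with an assumed "c:" prefix
    uint32_t methods;     // bitmask of Method
    bool allow;           // false = deny; in this example a deny overrides any allow
};

struct Policy {
    std::map<std::string, std::set<std::string>> groupMembers; // group -> users / nested groups
    std::map<std::string, std::set<std::string>> classMembers; // class -> objects / nested classes
    std::vector<Rule> rules;
};

using UserAcl  = std::map<std::string, uint32_t>; // object id -> allowed methods
using AclTable = std::map<std::string, UserAcl>;  // user id   -> that user's flat ACL

using Hierarchy = std::map<std::string, std::set<std::string>>;

// Expand a group or class name recursively into its leaf ids; plain ids expand to themselves.
static void expand(const Hierarchy& h, const std::string& name,
                   std::set<std::string>& out, std::set<std::string>& seen) {
    if (!seen.insert(name).second) return;          // cycle / duplicate guard
    auto it = h.find(name);
    if (it == h.end()) { out.insert(name); return; } // leaf
    for (const auto& m : it->second) expand(h, m, out, seen);
}

static std::set<std::string> leaves(const Hierarchy& h, const std::string& name) {
    std::set<std::string> out, seen;
    expand(h, name, out, seen);
    return out;
}

// Transformation step: rules -> (user id, object id) -> methods table.
// Allows are unioned first, then denies are subtracted, so an explicit deny wins.
AclTable compile(const Policy& p) {
    AclTable acl;
    for (bool allowPass : {true, false}) {
        for (const auto& r : p.rules) {
            if (r.allow != allowPass) continue;
            for (const auto& u : leaves(p.groupMembers, r.subject))
                for (const auto& o : leaves(p.classMembers, r.object)) {
                    uint32_t& mask = acl[u][o];
                    if (r.allow) mask |= r.methods; else mask &= ~r.methods;
                }
        }
    }
    return acl;
}

// Reference monitor: the compiled table lives on "disk"; each user's ACL is pulled into
// main memory on first use, so a check costs one disk access for a new user and none after.
class Monitor {
public:
    explicit Monitor(const AclTable& persistent) : disk_(persistent) {}

    bool check(const std::string& user, const std::string& object, Method m) {
        auto it = cache_.find(user);
        if (it == cache_.end()) {
            ++diskAccesses_;                          // the single simulated disk read
            auto d = disk_.find(user);
            it = cache_.emplace(user, d == disk_.end() ? UserAcl{} : d->second).first;
        }
        auto e = it->second.find(object);
        return e != it->second.end() && (e->second & m) != 0;
    }
    int diskAccesses() const { return diskAccesses_; }

private:
    const AclTable& disk_;
    std::map<std::string, UserAcl> cache_;            // per-user in-memory ACL tables
    int diskAccesses_ = 0;
};

// Constructed sample policy (hypothetical users, groups, classes and objects).
Policy samplePolicy() {
    Policy p;
    p.groupMembers["g:staff"]    = {"g:analysts", "carol"}; // nested group
    p.groupMembers["g:analysts"] = {"alice", "bob"};
    p.classMembers["c:reports"]  = {"r1", "r2"};
    p.rules = {
        {"g:analysts", "c:reports", READ,    true},  // hierarchical grant
        {"g:staff",    "r1",        EXECUTE, true},  // grant inherited through nesting
        {"alice",      "r1",        WRITE,   true},  // non-hierarchical grant
        {"bob",        "r2",        READ,    false}, // explicit deny overrides the group grant
    };
    return p;
}

int main() {
    AclTable table = compile(samplePolicy());
    Monitor mon(table);
    std::printf("alice WRITE r1: %d\n", mon.check("alice", "r1", WRITE));
    std::printf("bob   READ  r2: %d\n", mon.check("bob", "r2", READ));
    std::printf("bob   READ  r1: %d\n", mon.check("bob", "r1", READ));
    std::printf("disk accesses for 3 checks: %d\n", mon.diskAccesses());
    return 0;
}
```

The deny pass runs after all allows have been merged, which is what makes a narrow deny reliable even when a broad hierarchical rule grants the same method; the monitor itself never consults the rules, only the flattened table, which is the source of the zero-or-one disk access bound.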
Keywords :
authorisation; computational complexity; object-oriented programming; optimisation; transaction processing; ACL table; C++; C-ISAM; UNIX; access control; access control mechanism; high speed workstation; object-oriented repetitive access; resource objects; rule-based method; system performance; time complexity; transaction object-oriented system; user friendliness; Complexity theory; Microcomputer interfaces, human factors; Object-oriented programming; Optimization methods;