In the access control model of security, an access control matrix associates rights for operations on objects with subjects. An approach for assigning rights to code at run-time involves determining the run-time rights of a piece of code by examining the attributes of the pieces of code that have run (including their origins) and any explicit requests to augment rights. Thus, this approach relies on the execution history for security. This history based approach reduces the difficulties and the error-proneness of securing extensible software systems.