[Blasa]

For those that haven't come across it before the object-capability model deals with this sort of problem.

http://en.wikipedia.org/wiki/Object-capability_model

Edit: That of restricting each process to only be allowed to do certain things.