Abstract
In this paper we examine three interfaces for secure method invocation in single-address-space operating systems. We examine the advantages and drawbacks of each model, and how these models relate to linking and loading in the single address space. A model is chosen based on its ability to securely interface multiple languages with low overhead.