Here are three design criteria for such a layer. Of course, it has to be efficient -- we can't have it slowing the application to a crawl, since we want our security checks in there all the time, e.g., in a production web server. It also needs to be transparent: it must avoid modifying the behavior of the application. Finally, it must be comprehensive, able to monitor every control transfer.
Now, let's take a step back -- if we have this software layer that can observe everything the application does, in an efficient, transparent, and comprehensive manner, we can do a lot more than just enforce an execution model.
Copyright © 2004 Derek Bruening