As per the category’s description, we assume that each message has a sender and a receiver. Following Clarkson and Schneider, we define access control as the property that, for every message in an object's message history, the sender has the required permissions according to the access control matrix of the previous version of the object, i.e., the version that is about to process the message.
The simplest instance is one in which each object has a static access control matrix that is fixed at object creation, i.e., determined by the object type in AVM terminology.
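A replay checker for this definition, added here as an illustration and not taken from the AVM specification or from Clarkson and Schneider. The names `Message`, `Version`, `step` and `first_violation` and the operations `inc` and `grant` are assumptions, and the example goes slightly beyond the static case by letting a `grant` message change the matrix.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

Matrix = Dict[str, FrozenSet[str]]  # sender -> operations that sender may invoke

@dataclass(frozen=True)
class Message:
    sender: str
    receiver: str
    op: str
    args: Tuple[str, ...] = ()

@dataclass(frozen=True)
class Version:
    name: str      # object identity, matched against Message.receiver
    acm: Matrix    # matrix in force for this version
    state: int = 0

def step(obj: Version, msg: Message) -> Version:
    """Assumed transition function: 'inc' bumps state, 'grant' extends the matrix."""
    if msg.op == "inc":
        return Version(obj.name, obj.acm, obj.state + 1)
    if msg.op == "grant":
        who, perm = msg.args
        acm = {**obj.acm, who: obj.acm.get(who, frozenset()) | {perm}}
        return Version(obj.name, acm, obj.state)
    return obj

def first_violation(initial: Version, log: List[Message]) -> Optional[int]:
    """Index in `log` of the first unauthorized message to the object, else None."""
    obj = initial
    for i, msg in enumerate(log):
        if msg.receiver != obj.name:
            continue  # not part of this object's message history
        # Decide with the matrix of the version about to process the message,
        # never with the matrix that the message itself would produce.
        if msg.op not in obj.acm.get(msg.sender, frozenset()):
            return i
        obj = step(obj, msg)
    return None

# Constructed sample data.
COUNTER = Version("counter", {"alice": frozenset({"inc", "grant"})})
GRANT_THEN_USE = [Message("alice", "counter", "grant", ("bob", "inc")),
                  Message("bob", "counter", "inc")]
USE_THEN_GRANT = list(reversed(GRANT_THEN_USE))
SELF_GRANT = [Message("bob", "counter", "grant", ("bob", "grant"))]

if __name__ == "__main__":
    for log in (GRANT_THEN_USE, USE_THEN_GRANT, SELF_GRANT):
        print(first_violation(COUNTER, log))
```

When no row of the initial matrix contains `grant`, no accepted message can change the matrix, and the checker reduces to the static instance.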
