A method includes stalling an attempt to reference an object, and determining whether an attempter that originated the attempt is authorized to access the object. A content-based access control list is used to determine if the attempter is authorized access to the object. This content-based access control list can be customized to protect against malicious code or other threats. Further, attempt information about the attempt can be recorded allowing profiles to be built of what a user or process is doing on a computer system.