Described is a system and method for monitoring and enforcing information flow security in software systems. The system maintains security tags and reference counts for objects in computer memory. When an object or a portion of an object in the computer memory is being modified, the system arbitrarily performs operations of updating a security tag for the object being modified; updating reference counts for all objects that the portion of the object in the computer memory being modified pointed to immediately prior to modification; and updating reference counts for all objects that the portion of the object in the computer memory being modified points to immediately after the modification. Subsequently, the system examines the security tags and if the examination reveals a potential information flow security violation, a corrective action is performed.