The invention relates to a system and method for efficient security runtime. If the same security demand for permissions occurs twice during the same code path (i.e. execution stack) the latter can be automatically turned (optimized) into a security assertion based on the former demand. A security runtime can determine which assertions to establish in a call stack, using declarative security information kept in an assembly metadata and based on execution history to know what has already been demanded for a specific stack frame. If the method being called has been allowed to execute before then a demand may be replaced with an assertion for the same permissions within the call stack. If that frame was executed then it means the security demand was successfully evaluated. Furthermore, if the permission evaluation result is known to be static (e.g., its result will not change) it can be determined that another check on the same permissions is not required higher on the stack, so this demand can safely be replaced by an assertion, which can effectively speed up the code execution without sacrificing security.