Linda is a high level communication model which allows agents to communicate via a shared tuple spaces without knowing each other's identities and without having to arrange for a definite rendezvous. This high level of abstraction would make Linda particularly suitable for use as a coordination model for heterogeneous distributed systems, if it were not for the fact that the Linda communication is unsafe. In order to enhance the safety of tuple spaces, this paper introduces a mechanism for establishing security policies that regulate agent access to tuple spaces. Our mechanism is based on a previously published concept of law-governed interaction. It makes a strict separation between the formal statement of a policy, which we call a "law," and the enforcement of this law, which is carried our by a set of policy-independent trusted controllers. A new policy under this scheme is created basically by formulating its law, and can be easily deployed throughout a distributed system. Two examples policies are discussed here in detail: one ensures a secure bidding policy; the other prevents denial of service, by regulating the flow of requests sent to the tuple spaces.