Watson, R. N. M., Murdoch, S. J., Gudka, K., Anderson, J., Neumann, P. G., & Laurie, B. (2013, 19-20 March). Towards a theory of application compartmentalisation. Paper presented at the Security Protocols, Cambridge, UK.
Application compartmentalisation decomposes software applications into sandboxed components, each delegated only the rights it requires to operate. Compartmentalisation is seeing increased deployment in vulnerability mitigation, motivated informally by appeal to the principle of least privilege. Drawing a comparison with capability systems, we consider how a distributed system interpretation supports an argument that compartmentalisation improves application security.