Security Protocols XXI

Volume 8263 of the series Lecture Notes in Computer Science pp 19-27

Towards a Theory of Application Compartmentalisation

  • Robert N. M. Watson, University of Cambridge
  • Steven J. Murdoch, University of Cambridge
  • Khilan Gudka, University of Cambridge
  • Jonathan Anderson, University of Cambridge
  • Peter G. Neumann, SRI International
  • Ben Laurie, Google UK Ltd.


Application compartmentalisation decomposes software applications into sandboxed components, each delegated only the rights it requires to operate. Compartmentalisation is seeing increased deployment in vulnerability mitigation, motivated informally by appeal to the principle of least privilege. Drawing a comparison with capability systems, we consider how a distributed system interpretation supports an argument that compartmentalisation improves application security.