SoK: Software Compartmentalization
Hugo Lefeuvre, Nathan Dautenhahn, David Chisnall, Pierre Olivier
IEEE Symposium on Security and Privacy 2025 · Day 3 · Systems Security and Access Control
In an era where software vulnerabilities are a constant threat, the principle of **least privilege** stands as a critical last line of defense. This talk, "SoK: Software Compartmentalization," presented at IEEE S&P, delves into a specific implementation of this principle: **software compartmentalization**. Given by Hugo Lefeuvre, with joint work from Nathan Dautenhahn, David Chisnall, and Pierre Olivier, the presentation introduces a comprehensive Systematization of Knowledge (SoK) that defines, categorizes, and analyzes the state-of-the-art in software compartmentalization. The core premise is that by splitting a program into isolated, distrusting components, an attacker who breaches one compartment will not automatically gain full control over the entire application, thereby significantly reducing the impact of successful exploits.