Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

SoK: Software Compartmentalization

Hugo Lefeuvre, Nathan Dautenhahn, David Chisnall, Pierre Olivier

TL;DR

The paper addresses why software compartmentalization, despite decades of evidence and proven projects, has not become mainstream. It introduces a unified model and a three-part taxonomy (policy definition, abstractions, and mechanisms) to systematically analyze and compare compartmentalization approaches, applying them to 211 research works and 61 deployed systems. Key findings reveal a heavy reliance on manual separation, custom abstractions, and legacy mechanisms in practice, contrasted with more automated and mechanism-agnostic approaches in research. The authors advocate a holistic approach, simpler policy definitions, richer threat models, and closer alignment between research and production to accelerate adoption and effectiveness of software compartmentalization.

Abstract

Decomposing large systems into smaller components with limited privileges has long been recognized as an effective means to minimize the impact of exploits. Despite historical roots, demonstrated benefits, and a plethora of research efforts in academia and industry, the compartmentalization of software is still not a mainstream practice. This paper investigates why, and how this status quo can be improved. Noting that existing approaches are fraught with inconsistencies in terminology and analytical methods, we propose a unified model for the systematic analysis, comparison, and directing of compartmentalization approaches. We use this model to review 211 research efforts and analyze 61 mainstream compartmentalized systems, confronting them to understand the limitations of both research and production works. Among others, our findings reveal that mainstream efforts largely rely on manual methods, custom abstractions, and legacy mechanisms, poles apart from recent research. We conclude with recommendations: compartmentalization should be solved holistically; progress is needed towards simplifying the definition of compartmentalization policies; towards better challenging our threat models in the light of confused deputies and hardware limitations; as well as towards bridging the gaps we pinpoint between research and mainstream needs. This paper not only maps the historical and current landscape of compartmentalization, but also sets forth a framework to foster their evolution and adoption.

SoK: Software Compartmentalization

TL;DR

The paper addresses why software compartmentalization, despite decades of evidence and proven projects, has not become mainstream. It introduces a unified model and a three-part taxonomy (policy definition, abstractions, and mechanisms) to systematically analyze and compare compartmentalization approaches, applying them to 211 research works and 61 deployed systems. Key findings reveal a heavy reliance on manual separation, custom abstractions, and legacy mechanisms in practice, contrasted with more automated and mechanism-agnostic approaches in research. The authors advocate a holistic approach, simpler policy definitions, richer threat models, and closer alignment between research and production to accelerate adoption and effectiveness of software compartmentalization.

Abstract

Decomposing large systems into smaller components with limited privileges has long been recognized as an effective means to minimize the impact of exploits. Despite historical roots, demonstrated benefits, and a plethora of research efforts in academia and industry, the compartmentalization of software is still not a mainstream practice. This paper investigates why, and how this status quo can be improved. Noting that existing approaches are fraught with inconsistencies in terminology and analytical methods, we propose a unified model for the systematic analysis, comparison, and directing of compartmentalization approaches. We use this model to review 211 research efforts and analyze 61 mainstream compartmentalized systems, confronting them to understand the limitations of both research and production works. Among others, our findings reveal that mainstream efforts largely rely on manual methods, custom abstractions, and legacy mechanisms, poles apart from recent research. We conclude with recommendations: compartmentalization should be solved holistically; progress is needed towards simplifying the definition of compartmentalization policies; towards better challenging our threat models in the light of confused deputies and hardware limitations; as well as towards bridging the gaps we pinpoint between research and mainstream needs. This paper not only maps the historical and current landscape of compartmentalization, but also sets forth a framework to foster their evolution and adoption.

Paper Structure

This paper contains 40 sections, 4 tables.

Table of Contents

  1. Introduction
  2. A Model of Software Compartmentalization
  3. Evaluating Compartmentalization
  4. Scope of this SoK
  5. Key Differentiators
  6. Subject Selection
  7. Target Properties
  8. Trust & Threat Model(s)
  9. A Taxonomy of Compartmentalization
  10. Policy Definition Methods (P1)
  11. Automation
  12. Policy Languages
  13. Separation Granularities
  14. Analysis Techniques
  15. Subject Selections
  16. ...and 25 more sections