Definition
Compartmentalisation (Security)
Compartmentalisation is the security principle of organising resources into isolated groups (compartments) of similar needs.
Purpose
Isolation prevents attacks or errors in one compartment from propagating to others. Communication between compartments, if required, happens over controlled channels.
Levels
Compartmentalisation can be applied at different levels:
- Memory space: user versus kernel space; separation between processes
- Data and code: separation of data from executable code
- Software: modularisation of software
- Virtual machines: isolation via virtualisation
- Network zones: segmentation of network infrastructure