ABSTRACT
Compartmentalization includes a full mandatory
access control implementation and several other
kernel-level hardening features:
Network stack separation Triggers for intrusion detection Control of “super user” privileges Principle of least privilege
In contrast, a patched OS is typically a commercial OS
from which the administrator turns off or removes all
unnecessary services and installs the latest security
patches from the OS vendor. A patched OS has had no
modifications made to the kernel source code to enhance
security.
