“…Unfortunately, this also enables malicious modules to extract data stored in the same address space, or, even more worrysome, to attack the operating system. Avonds et al [4] and Strackx et al [20] propose a mechanism to isolate potential attack vectors in an application (e.g., parsers) from likely attack targets (e.g., cryptographic keys). Using an approach similar to PMAs, they divide large applications in multiple compartments where each compartment can only be accessed through the interface they expose explicitly.…”