Compartmentalization and Privilege Management (CPM)
Abstract
The Compartmentalization and Privilege Management (CPM) program is developing new system frameworks, architectures, and tooling to provide fine-grained, least-privilege compartmentalization that enables prevention and containment of cyber attacks. Today's information systems are structured around a monolithic core (the kernel) that operates within a single protection domain at a single high privilege level. This monolithic kernel contains many separate components, but because there are no protection boundaries between these components, a single compromise anywhere in the system gives attackers effectively unlimited access through an extended sequence of exploits, privilege-escalation steps, and lateral movement. CPM is developing technologies and tools to automatically compartmentalize large legacy software systems, and is designing processor architectures and system software to enforce a compartment and privilege-level regime. CPM tools and architectures are intended to prevent initial penetrations from propagating into successful cyber attacks.
Document Details
- Document Type: Accomplishment
- Publication Date: Oct 01, 2025
- Source ID: fc030c60a5e15c4827acc885c304ee08