

Software compartmentalization vs. physical separation [pdf] - JoachimS
http://www.invisiblethingslab.com/resources/2014/Software_compartmentalization_vs_physical_separation.pdf

======
tbrownaw
So lots of tiny isolated security domains are more secure than a few larger
isolated security domains. As long as you trust the isolation. And as long as
you don't deliberately evade it (because it gets in the way).

