Multi-compartment is a flexible, lightweight architecture for embedded systems that allows multiple protection domains (compartments) to securely share processing and memory resources. Compartments run in physical address space and enjoy direct access to security-critical initiator devices, such as DMA devices, while remaining protected from one another.