Immutable Service Containers

On the Sun Wiki, Glenn Brunette describes the concept of Immutable Service Containers (ISC):

Immutable Service Containers (ISC) are an architectural pattern used to describe a platform for highly secure service delivery. While the actual instantiation of an ISC can differ based upon customer and application requirements, an ISC embodies at its core the key principles inherent in the Sun Systemic Security framework including: self-preservation, defense in depth, least privilege, compartmentalization and proportionality.

A really interesting concept! By delivering the service from a zone, in conjunction with denying write access to the binaries or configurations and heavily locking down the privileges, you can build a really secure environment.