Beyond Good and Evil: Formalizing the Security Guarantees of Low-Level Compartmentalization