Research Article

TEE-Watchdog: Mitigating Unauthorized Activities within Trusted Execution Environments in ARM-Based Low-Power IoT Devices

Figure 4

(1) The sandboxing module of the Security Manager translates the application’s manifest file into a system-specific access table; (2) when an application becomes active, the sandboxing module configures the secure peripherals according to the access table and enforces MPU protections; and (3) the application can then access peripherals only according to the permissions.
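The three steps in the caption can be modeled in a few lines of C. This is an added illustration, not code from the article or from TEE-Watchdog: the manifest syntax (`uart:rw,i2c:r`), the peripheral names and the `gate` array, which stands in for the secure-peripheral and MPU configuration, are all assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Assumed model: peripheral names, manifest syntax and table layout are hypothetical. */
enum { P_UART, P_I2C, P_CRYPTO, P_COUNT };
enum { PERM_R = 1, PERM_W = 2 };
static const char *const periph_name[P_COUNT] = { "uart", "i2c", "crypto" };
typedef struct { uint8_t perm[P_COUNT]; } access_table_t;
static uint8_t gate[P_COUNT]; /* stands in for secure-peripheral/MPU configuration */

/* Step 1: translate a manifest such as "uart:rw,i2c:r" into an access table.
   Any unknown name or permission rejects the manifest and leaves the table empty. */
int manifest_to_table(const char *p, access_table_t *t) {
    memset(t, 0, sizeof *t);
    while (*p) {
        const char *colon = strchr(p, ':');
        int id = -1;
        if (!colon) goto fail;
        size_t n = (size_t)(colon - p);
        for (int i = 0; i < P_COUNT; i++)
            if (strlen(periph_name[i]) == n && strncmp(p, periph_name[i], n) == 0) id = i;
        p = colon + 1;
        if (id < 0 || *p == ',' || *p == '\0') goto fail;
        for (; *p && *p != ','; p++) {
            if (*p == 'r') t->perm[id] |= PERM_R;
            else if (*p == 'w') t->perm[id] |= PERM_W;
            else goto fail;
        }
        if (*p == ',') p++;
    }
    return 0;
fail:
    memset(t, 0, sizeof *t);
    return -1;
}

/* Step 2: when an application becomes active, load its table into the gates. */
void activate(const access_table_t *t) { memcpy(gate, t->perm, sizeof gate); }

/* Step 3: an access succeeds only if every requested permission was granted. */
int access_allowed(int periph, uint8_t want) {
    return periph >= 0 && periph < P_COUNT && want != 0 && (gate[periph] & want) == want;
}

int main(void) {
    access_table_t t; /* constructed sample manifest */
    if (manifest_to_table("uart:rw,i2c:r", &t) == 0) activate(&t);
    printf("i2c write allowed: %d\n", access_allowed(P_I2C, PERM_W));
    return 0;
}
```

Activating a second application overwrites the gates, so permissions granted to the previous application do not carry over.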