summaryrefslogtreecommitdiff
path: root/sfi.mdwn
blob: 4b57d7c6c13a68bc6567850f1bab40c35aae6046 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
[[!meta copyright="Copyright © 2007, 2008 Free Software Foundation, Inc."]]

[[!meta license="""[[!toggle id="license" text="GFDL 1.2+"]][[!toggleable
id="license" text="Permission is granted to copy, distribute and/or modify this
document under the terms of the GNU Free Documentation License, Version 1.2 or
any later version published by the Free Software Foundation; with no Invariant
Sections, no Front-Cover Texts, and no Back-Cover Texts.  A copy of the license
is included in the section entitled
[[GNU Free Documentation License|/fdl]]."]]"""]]

SFI stands for Software-Based Fault Isolation.  SFI is an [[isolation]]
technique described by Wahbe et al. in their 1993 paper [Effcient
Software-Based Fault Isolation](http://citeseer.ist.psu.edu/wahbe93efficient.html).
Instead of running code is a separate process, untrusted code
is loaded into into the host's address space, part of the address
space is reserved to the application and referred to as its fault
domain, and the code is rewritten such that it cannot modify or jump
to addresses outside of its fault domain.