diff options
Diffstat (limited to 'sfi.mdwn')
-rw-r--r-- | sfi.mdwn | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/sfi.mdwn b/sfi.mdwn new file mode 100644 index 00000000..d14b1680 --- /dev/null +++ b/sfi.mdwn @@ -0,0 +1,8 @@ +SFI stands for Software-Based Fault Isolation. SFI is an [[isolation]] +technique described by Wahbe et al. in their 1993 paper [Effcient +Software-Based Fault Isolation](http://citeseer.ist.psu.edu/wahbe93efficient.html). +Instead of running code is a separate process, untrusted code +is loaded into into the host's address space, part of the address +space is reserved to the application and referred to as its fault +domain, and the code is rewritten such that it cannot modify or jump +to addresses outside of its fault domain. |