SFI stands for Software-Based Fault Isolation. SFI is an isolation technique described by Wahbe et al. in their 1993 paper Effcient Software-Based Fault Isolation. Instead of running code is a separate process, untrusted code is loaded into into the host's address space, part of the address space is reserved to the application and referred to as its fault domain, and the code is rewritten such that it cannot modify or jump to addresses outside of its fault domain.