Software Fault Isolation

Summary: SFI allows for the creation of multiple protection domains
inside a single address space.  Protection is provided by binary
rewriting, so unmodified binaries can be used.

Comment: SFI addresses the problem of memory protection: preventing
untrusted code from touching privledged code and data structures.
Wallach argues (SOSP 97) that the real problem is system security:
restricting untrusted code's access to the operating system and
trusted services.  SFI does not address this issue.

See also: Pallidium (SOSP 99), proof carrying code