From 0180752439d3f5fdfe60ebad7d212723c4cc3ede Mon Sep 17 00:00:00 2001
From: GNU Hurd wiki engine <web-hurd@gnu.org>
Date: Sun, 19 Aug 2007 15:51:59 +0000
Subject: web commit by NealWalfield: Create.

---
 sfi.mdwn | 8 ++++++++
 1 file changed, 8 insertions(+)
 create mode 100644 sfi.mdwn

(limited to 'sfi.mdwn')

diff --git a/sfi.mdwn b/sfi.mdwn
new file mode 100644
index 00000000..19b71237
--- /dev/null
+++ b/sfi.mdwn
@@ -0,0 +1,8 @@
+SFI stands for Software-Based Fault Isolation.  SFI is an isolation
+technique described by Wahbe et al. in their 1993 paper [Effcient
+Software-Based Fault Isolation](http://citeseer.ist.psu.edu/wahbe93efficient.html).
+Instead of running code is a separate process, untrusted code
+is loaded into into the host's address space, part of the address
+space is reserved to the application and referred to as its fault
+domain, and the code is rewritten such that it cannot modify or jump
+to addresses outside of its fault domain.
-- 
cgit v1.2.3