Data Centers

Adapting Software Fault Isolation to Contemporary CPU Architectures

Download Now Date Added: Jun 2010
Format: PDF

Software Fault Isolation (SFI) is an effective approach to sandboxing binary code of questionable provenance, an interesting use case for native plugins in a Web browser. The authors present software fault isolation schemes for ARM and x86-64 that provide control-flow and memory integrity with average performance overhead of under 5% on ARM and 7% on x86-64. They believe these are the best known SFI implementations for these architectures, with significantly lower overhead than previous systems for similar architectures.