Adapting Software Fault Isolation to Contemporary CPU Architectures

Software Fault Isolation (SFI) is an effective approach to sandboxing binary code of questionable provenance, an interesting use case for native plugins in a Web browser. The authors present software fault isolation schemes for ARM and x86-64 that provide control-flow and memory integrity with average performance overhead of under 5% on ARM and 7% on x86-64. They believe these are the best known SFI implementations for these architectures, with significantly lower overhead than previous systems for similar architectures.

Provided by: USENIX Association Topic: Data Centers Date Added: Jun 2010 Format: PDF

Find By Topic