Isolation without Containers

Eric turned the weekly meeting with Ward toward a rich discussion on software lineage resulting in WASM by sharing this talk on "Isolation without Containers" Wiki Dev/User Video Chat Oct 31

YOUTUBE FkM1L8-qcjU Isolation without Containers by Tyler McMullen


Software Fault Isolation, or SFI, is a way of preventing errors or unexpected behavior in one program from affecting others. Sandboxes, processes, containers, and VMs are all forms of SFI. SFI is a deeply important part of not only operating systems, but also browsers, and even server software. The ways in which SFI can be implemented vary widely. Operating systems take advantage of hardware capabilities, like the MMU (Memory Management Unit). Others, like processes and containers, use facilities provided by the operating system kernel to provide isolation. Some types of sandboxing even use a combination of the compiler and runtime libraries in order to provide safety.

Which brings us back to Alan Kay's and Mark Miller's on object-capabilities in programming languages for safety on the internet.