Abstract
Isolating potentially malicious or compromised software is necessary to prevent it from compromising other software running in the same environment, let alone operating system and hardware security mechanisms. We will review several isolation mechanisms: virtual memory, software fault isolation (SFI), access control at the software interface (API) level, and machines with capabilities (such as the CHERI architecture).
