1993 | Robert Wahbe, Steven Lucco, Thomas E. Anderson, Susan L. Graham
The paper presents a software-based approach to fault isolation within a single address space, addressing the high performance cost of traditional hardware-based solutions (separate address spaces and cross-address-space RPC). The authors propose two main components: loading distrusted modules into their own "fault domain", a logically separate region of the shared address space, and rewriting their object code so that the module cannot write to, or jump to, memory outside that domain. This approach is portable and language-independent, and it trades faster cross-module communication for a modest increase in the execution time of distrusted modules. The authors demonstrate that for frequently communicating modules, software-enforced fault isolation can significantly improve end-to-end application performance despite that execution-time overhead. The paper also discusses the implementation details, performance measurements, and related work, showing that software-enforced fault isolation is particularly beneficial for applications that need fault isolation but communicate across the isolation boundary often.
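The object-code rewriting described above works by sandboxing addresses: before each unsafe store or jump in the distrusted module, inserted instructions overwrite the high (segment) bits of the computed address with the bits of the module's own fault domain, so the access cannot leave the domain. The following C model of that check is an added illustration, not code from the paper; the 4 KiB address space, 512-byte domains and the simulated store are constructed here to show the effect.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model: a 4 KiB single address space split into 512-byte
 * fault domains. In the real scheme the segment is a large contiguous
 * region identified by its high address bits; the sizes here are only
 * small enough to exercise by hand. */
#define SPACE_BYTES 4096u
#define SEG_BITS    9u                      /* 512-byte domains        */
#define SEG_MASK    ((1u << SEG_BITS) - 1u) /* offset bits inside one  */
static uint8_t space[SPACE_BYTES];

/* Address sandboxing: keep the offset bits the module computed, but force
 * the segment bits to the module's own domain id. Any address, whether it
 * points into another domain or past the end of memory, lands inside the
 * domain; no branch or compare is needed, which is why it is cheap. */
static uint32_t sandbox(uint32_t addr, uint32_t seg_id) {
    return (addr & SEG_MASK) | (seg_id << SEG_BITS);
}

/* A store issued by a distrusted module running in domain seg_id: the
 * masking stands in for the instructions the rewriter inserts before the
 * original store instruction. */
static void sandboxed_store(uint32_t seg_id, uint32_t addr, uint8_t val) {
    space[sandbox(addr, seg_id)] = val;
}

/* Defender's check: returns 1 if no byte outside domain seg_id has been
 * written (all memory starts zeroed), i.e. no store escaped the domain. */
static int outside_untouched(uint32_t seg_id) {
    uint32_t lo = seg_id << SEG_BITS, hi = lo + (1u << SEG_BITS);
    for (uint32_t a = 0; a < SPACE_BYTES; a++)
        if ((a < lo || a >= hi) && space[a] != 0) return 0;
    return 1;
}

int main(void) {
    memset(space, 0, sizeof space);
    /* Module in domain 3 aims at domain 0 (0x10) and at an address that
     * is not even inside the simulated space (0xFFFFFFFF). */
    sandboxed_store(3, 0x10, 0xAA);
    sandboxed_store(3, 0xFFFFFFFF, 0xBB);
    printf("0x10 -> 0x%03x, 0xFFFFFFFF -> 0x%03x, outside clean: %d\n",
           sandbox(0x10, 3), sandbox(0xFFFFFFFF, 3), outside_untouched(3));
    return 0;
}
```

In the paper the same masking is applied to the target of every indirect jump as well as every store, and the masked address is held in a dedicated register so the module cannot modify it between the mask and the use.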