Sandbox (computer security)

Encyclopedia : S : SA : SAN : Sandbox (computer security)

For the wikipedia element, see [Sandbox]

In computer security, a sandbox is a security mechanism for safely running programs. It is often used to execute untested code, or programs from unverified third-parties, suppliers and untrusted users.

The sandbox typically provides a tightly-controlled set of resources for guest programs to run in, such as scratch space on disk and memory. Network access, the ability to inspect the host system or read from input devices is usually disallowed or heavily restricted. In this sense, sandboxes are a specific example of virtualization.

Some examples of sandboxes are:

Applets are self-contained programs that run on a virtual machine or scripting language interpreter that does the sandboxing. This arrangement is popular in web browsers, which use this mechanism to safely execute applets embedded in untrusted web pages. Java applets in particular are provided (at minimum) a rectangle of screen space with which to interact with the user and some persistent storage (at the user's permission).
Jails are a special kind of resource limit imposed on programs by the operating system.
Virtual machines emulate a complete host computer, on which an entire operating system can run. The guest operating system is sandboxed in the sense that it does not run natively on the host and can only affect it through the intermediary emulator.
Capability systems can be thought of as a fine-grained sandboxing mechanism, in which programs have the ability to do specific things based on what capabilities (usually represented as opaque tokens) they hold.

Sometimes a sandbox is set up to run programs that are still under development and have the potential to damage the system or which are otherwise difficult to restore to their original configuration. These test systems replicate (often in reduced size or capacity) the actual computing environment for which software is being developed. The presence of such a safe, controlled environment allows developers to try experimental code without fear of damaging a mission-critical system.

From Wikipedia, the Free Encyclopedia. Original article here. Support Wikipedia by contributing or donating.
All text is available under the terms of the GNU Free Documentation License See Wikipedia Copyrights for details.