In
computer security
Computer security (also cybersecurity, digital security, or information technology (IT) security) is a subdiscipline within the field of information security. It consists of the protection of computer software, systems and computer network, n ...
, a sandbox is a security mechanism for separating running programs, usually in an effort to mitigate system failures and/or software
vulnerabilities
Vulnerability refers to "the quality or state of being exposed to the possibility of being attacked or harmed, either physically or emotionally." The understanding of social and environmental vulnerability, as a methodological approach, involves ...
from spreading. The
sandbox
A sandbox is a sandpit, a wide, shallow playground construction to hold sand, often made of wood or plastic.
Sandbox or sand box may also refer to:
Arts, entertainment, and media
* Sandbox (band), a Canadian rock music group
* Sandbox (Gu ...
metaphor derives from the concept of a child's sandbox—a play area where children can build, destroy, and experiment without causing any real-world damage. It is often used to kill untested or untrusted programs or code, possibly from unverified or untrusted third parties, suppliers, users or websites, without risking harm to the host machine or
operating system
An operating system (OS) is system software that manages computer hardware and software resources, and provides common daemon (computing), services for computer programs.
Time-sharing operating systems scheduler (computing), schedule tasks for ...
. A sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as storage and memory
scratch space. Network access, the ability to inspect the host system, or read from input devices are usually disallowed or heavily restricted.
In the sense of providing a highly controlled environment, sandboxes may be seen as a specific example of
virtualization
In computing, virtualization (abbreviated v12n) is a series of technologies that allows dividing of physical computing resources into a series of virtual machines, operating systems, processes or containers.
Virtualization began in the 1960s wit ...
. Sandboxing is frequently used to test unverified programs that may contain a
virus
A virus is a submicroscopic infectious agent that replicates only inside the living Cell (biology), cells of an organism. Viruses infect all life forms, from animals and plants to microorganisms, including bacteria and archaea. Viruses are ...
or other
malicious code without allowing the software to harm the host device.
Implementations
A sandbox is implemented by executing the software in a restricted operating system environment, thus controlling the resources (e.g.
file descriptor
In Unix and Unix-like computer operating systems, a file descriptor (FD, less frequently fildes) is a process-unique identifier (handle) for a file or other input/output resource, such as a pipe or network socket.
File descriptors typically h ...
s, memory, file system space, etc.) that a process may use.
Examples of sandbox implementations include the following:
*
Linux
Linux ( ) is a family of open source Unix-like operating systems based on the Linux kernel, an kernel (operating system), operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically package manager, pac ...
application sandboxing, built on
Seccomp,
cgroups and
Linux namespaces. Notably used by
Systemd
systemd is a software suite that provides an array of system components for Linux operating systems. The main aim is to unify service configuration and behavior across Linux distributions. Its primary component is a "system and service manage ...
,
Google Chrome
Google Chrome is a web browser developed by Google. It was first released in 2008 for Microsoft Windows, built with free software components from Apple WebKit and Mozilla Firefox. Versions were later released for Linux, macOS, iOS, iPadOS, an ...
,
Firefox
Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation. It uses the Gecko rendering engine to display web pages, which implements curr ...
,
Firejail.
*
Android was the first mainstream operating system to implement full application sandboxing, built by assigning each application its own Linux user ID.
*
Apple
An apple is a round, edible fruit produced by an apple tree (''Malus'' spp.). Fruit trees of the orchard or domestic apple (''Malus domestica''), the most widely grown in the genus, are agriculture, cultivated worldwide. The tree originated ...
App Sandbox is required for apps distributed through Apple's
Mac App Store
The Mac App Store (also known as the App Store) is a digital distribution platform for macOS apps, often referred to as Mac apps, created and maintained by Apple. The platform was announced on October 20, 2010, at Apple's "Back to the Mac" eve ...
and
iOS
Ios, Io or Nio (, ; ; locally Nios, Νιός) is a Greek island in the Cyclades group in the Aegean Sea. Ios is a hilly island with cliffs down to the sea on most sides. It is situated halfway between Naxos and Santorini. It is about long an ...
/
iPadOS
iPadOS is a mobile operating system developed by Apple for its iPad line of tablet computers. It was given a name distinct from iOS, the operating system used by Apple's iPhones to reflect the diverging features of the two product lines, suc ...
App Store
An app store, also called an app marketplace or app catalog, is a type of digital distribution platform for computer software called applications, often in a mobile context. Apps provide a specific set of functions which, by definition, do not i ...
, and recommended for other signed apps.
*
Windows Vista
Windows Vista is a major release of the Windows NT operating system developed by Microsoft. It was the direct successor to Windows XP, released five years earlier, which was then the longest time span between successive releases of Microsoft W ...
and later editions include a "low" mode process running, known as
"User Account Control" (UAC), which only allows writing in specific directories and registry keys.
Windows 10 Pro, from version 1903, provides a feature known as Windows Sandbox.
*
Google
Google LLC (, ) is an American multinational corporation and technology company focusing on online advertising, search engine technology, cloud computing, computer software, quantum computing, e-commerce, consumer electronics, and artificial ...
Sandboxed API.
*
Virtual machine
In computing, a virtual machine (VM) is the virtualization or emulator, emulation of a computer system. Virtual machines are based on computer architectures and provide the functionality of a physical computer. Their implementations may involve ...
s
emulate a complete host computer, on which a conventional operating system may boot and run as on actual hardware. The guest operating system runs sandboxed in the sense that it does not function natively on the host and can only access host resources through the emulator.
* A
jail
A prison, also known as a jail, gaol, penitentiary, detention center, correction center, correctional facility, or remand center, is a facility where people are imprisoned under the authority of the state, usually as punishment for various cr ...
: network-access restrictions, and a restricted file system namespace. Jails are most commonly used in
virtual hosting.
* Rule-based execution gives users full control over what processes are started, spawned (by other applications), or allowed to inject code into other applications and have access to the net, by having the system assign access levels for users or programs according to a set of determined rules. It also can control file/registry security (what programs can read and write to the file system/registry). In such an environment, viruses and
Trojans have fewer opportunities for infecting a computer. The
SELinux and
Apparmor security frameworks are two such implementations for
Linux
Linux ( ) is a family of open source Unix-like operating systems based on the Linux kernel, an kernel (operating system), operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically package manager, pac ...
.
* Security researchers rely heavily on sandboxing technologies to analyse malware behavior. By creating an environment that mimics or replicates the targeted desktops, researchers can evaluate how malware infects and compromises a target host. Numerous
malware analysis services are based on the sandboxing technology.
*
Google Native Client is a sandbox for running compiled C and C++ code in the browser efficiently and securely, independent of the user's operating system.
*
Capability systems can be thought of as a fine-grained sandboxing mechanism, in which programs are given opaque tokens when spawned and have the ability to do specific things based on what tokens they hold. Capability-based implementations can work at various levels, from kernel to user-space. An example of capability-based user-level sandboxing involves HTML rendering in a
Web browser
A web browser, often shortened to browser, is an application for accessing websites. When a user requests a web page from a particular website, the browser retrieves its files from a web server and then displays the page on the user's scr ...
.
*
Secure Computing Mode (seccomp) strict mode, seccomp only allows the
write()
,
read()
,
exit()
, and
sigreturn()
system calls.
*
HTML5
HTML5 (Hypertext Markup Language 5) is a markup language used for structuring and presenting hypertext documents on the World Wide Web. It was the fifth and final major HTML version that is now a retired World Wide Web Consortium (W3C) recommend ...
has a "sandbox" attribute for use with
iframes.
*
Java virtual machine
A Java virtual machine (JVM) is a virtual machine that enables a computer to run Java programs as well as programs written in other languages that are also compiled to Java bytecode. The JVM is detailed by a specification that formally descr ...
s include a sandbox to restrict the actions of untrusted code, such as a
Java applet
Java applets were applet, small applications written in the Java (programming language), Java programming language, or another programming language that Compiled language, compiles to Java bytecode, and delivered to users in the form of Ja ...
.
* The .NET
Common Language Runtime
The Common Language Runtime (CLR), the virtual machine component of Microsoft .NET Framework, manages the execution of .NET programs. Just-in-time compilation converts the managed code (compiled intermediate language code) into machine instr ...
provides
Code Access Security Code Access Security (CAS), in the Microsoft .NET framework, is Microsoft's solution to prevent untrusted code from performing privileged actions. When the CLR loads an assembly it will obtain evidence for the assembly and use this to identify th ...
to enforce restrictions on untrusted code.
* Software Fault Isolation (SFI),
allows running untrusted native code by sandboxing all store, read and jump assembly instructions to isolated segments of memory.
Some of the use cases for sandboxes include the following:
*
Online judge systems to test programs in programming contests.
* New-generation
pastebins allowing users to execute pasted
code snippets on the pastebin's server.
See also
*
FreeBSD jail
The jail mechanism is an implementation of FreeBSD's OS-level virtualisation that allows system administrators to partition a FreeBSD-derived computer system into several independent mini-systems called ''jails'', all sharing the same kernel, with ...
*
Sandboxie
*
seccomp
*
Test bench
*
Tor (anonymity network)
Tor is a free overlay network for enabling anonymous communication. It is built on free and open-source software run by over seven thousand volunteer-operated relays worldwide, as well as by millions of users who route their Internet traf ...
References
External links
Security In-Depth for Linux Software: Preventing and Mitigating Security BugsSandbox The Chromium ProjectsFreeBSD capsicum(4) man pagea lightweight OS capability and sandbox framework
OpenBSD pledge(2) man pagea way to restrict system operations
Sandbox testing importance{sandbox} Importance of sandbox in zero day flaw
Operating system security
Virtualization