computer security Computer security, cybersecurity (cyber security), or information technology security (IT security) is the protection of computer systems and networks from attack by malicious actors that may result in unauthorized information disclosure, the ...

, a sandbox is a security mechanism for separating running programs, usually in an effort to mitigate system failures and/or software

vulnerabilities Vulnerability refers to "the quality or state of being exposed to the possibility of being attacked or harmed, either physically or emotionally." A window of vulnerability (WOV) is a time frame within which defensive measures are diminished, com ...

from spreading. The isolation metaphor is taken from the idea of children who do not play well together, so each is given their own sandbox to play in alone. It is often used to execute untested or untrusted programs or code, possibly from unverified or untrusted third parties, suppliers, users or websites, without risking harm to the host machine or

operating system An operating system (OS) is system software that manages computer hardware, software resources, and provides common services for computer programs. Time-sharing operating systems schedule tasks for efficient use of the system and may also in ...

. A sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as storage and memory

scratch space Scratch space is space on the hard disk drive that is dedicated for storage of temporary user data. It is unreliable by intention and has no back up. Scratch disks may occasionally be set to erase all data at regular intervals so that the disk spac ...

. Network access, the ability to inspect the host system, or read from input devices are usually disallowed or heavily restricted. In the sense of providing a highly controlled environment, sandboxes may be seen as a specific example of

virtualization In computing, virtualization or virtualisation (sometimes abbreviated v12n, a numeronym) is the act of creating a virtual (rather than actual) version of something at the same abstraction level, including virtual computer hardware platforms, stor ...

. Sandboxing is frequently used to test unverified programs that may contain a

virus A virus is a submicroscopic infectious agent that replicates only inside the living cells of an organism. Viruses infect all life forms, from animals and plants to microorganisms, including bacteria and archaea. Since Dmitri Ivanovsky's 1 ...

or other

malicious code Malware (a portmanteau for ''malicious software'') is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, depr ...

without allowing the software to harm the host device.

Implementations

A sandbox is implemented by executing the software in a restricted operating system environment, thus controlling the resources (e.g.

file descriptor In Unix and Unix-like computer operating systems, a file descriptor (FD, less frequently fildes) is a process-unique identifier (handle) for a file or other input/output resource, such as a pipe or network socket. File descriptors typically have ...

s, memory, file system space, etc.) that a process may use. Examples of sandbox implementations include the following: *

Linux Linux ( or ) is a family of open-source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically packaged as a Linux distribution, which ...

application sandboxing, built on

Seccomp seccomp (short for secure computing mode) is a computer security facility in the Linux kernel. seccomp allows a process to make a one-way transition into a "secure" state where it cannot make any system calls except exit(), sigreturn(), read() ...

cgroups cgroups (abbreviated from control groups) is a Linux kernel feature that limits, accounts for, and isolates the resource usage (CPU, memory, disk I/O, network, etc.) of a collection of processes. Engineers at Google started the work on this ...

and

Linux namespaces Namespaces are a feature of the Linux kernel that partitions kernel resources such that one set of processes sees one set of resources while another set of processes sees a different set of resources. The feature works by having the same nam ...

. Notably used by Systemd,

Google Chrome Google Chrome is a cross-platform web browser developed by Google. It was first released in 2008 for Microsoft Windows, built with free software components from Apple WebKit and Mozilla Firefox. Versions were later released for Linux, macOS ...

Firefox Mozilla Firefox, or simply Firefox, is a free and open-source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation. It uses the Gecko rendering engine to display web pages, which implements current and ...

, Firejail. * Android was the first mainstream operating system to implement full application sandboxing, built by assigning each application its own Linux user ID. *

Apple An apple is an edible fruit produced by an apple tree (''Malus domestica''). Apple fruit tree, trees are agriculture, cultivated worldwide and are the most widely grown species in the genus ''Malus''. The tree originated in Central Asia, wh ...

App Sandbox is required for apps distributed through Apple's

Mac App Store The App Store (also known as the Mac App Store) is a digital distribution platform for macOS apps, often referred to as Mac apps, created and maintained by Apple Inc. The platform was announced on October 20, 2010, at Apple's "Back to the Mac" ...

and

iOS iOS (formerly iPhone OS) is a mobile operating system created and developed by Apple Inc. exclusively for its hardware. It is the operating system that powers many of the company's mobile devices, including the iPhone; the term also include ...

iPadOS iPadOS is a mobile operating system developed by Apple Inc. for its iPad line of tablet computers. It is a rebranded variant of iOS, the operating system used by Apple's iPhones, renamed to reflect the diverging features of the two product l ...

App Store An App Store (or app marketplace) is a type of digital distribution platform for computer software called applications, often in a mobile context. Apps provide a specific set of functions which, by definition, do not include the running of the co ...

, and recommended for other signed apps. *

Windows Vista Windows Vista is a major release of the Windows NT operating system developed by Microsoft. It was the direct successor to Windows XP, which was released five years before, at the time being the longest time span between successive releases of ...

and later editions include a "low" mode process running, known as "User Account Control" (UAC), which only allows writing in a specific directory and registry keys.

Windows 10 Pro Windows 10 has several editions, all with varying feature sets, use cases, or intended devices. Certain editions are distributed only on devices directly from an original equipment manufacturer (OEM), while editions such as ''Enterprise'' and ''E ...

, from version 1903, provides a feature known as Windows Sandbox. *

Google Google LLC () is an American multinational technology company focusing on search engine technology, online advertising, cloud computing, computer software, quantum computing, e-commerce, artificial intelligence, and consumer electronics. ...

Sandboxed API. *

Virtual machine In computing, a virtual machine (VM) is the virtualization/emulation of a computer system. Virtual machines are based on computer architectures and provide functionality of a physical computer. Their implementations may involve specialized hardw ...

emulate Emulate, Inc. (Emulate) is a biotechnology company that commercialized Organs-on-Chips technology—a human cell-based technology that recreates organ-level function to model organs in healthy and diseased states. The technology has applications ...

a complete host computer, on which a conventional operating system may boot and run as on actual hardware. The guest operating system runs sandboxed in the sense that it does not function natively on the host and can only access host resources through the emulator. * A

jail A prison, also known as a jail, gaol (dated, standard English, Australian, and historically in Canada), penitentiary (American English and Canadian English), detention center (or detention centre outside the US), correction center, correc ...

: network-access restrictions, and a restricted file system namespace. Jails are most commonly used in

virtual hosting Virtual hosting is a method for hosting multiple domain names (with separate handling of each name) on a single server (or pool of servers). This allows one server to share its resources, such as memory and processor cycles, without requiring al ...

. * Rule-based execution gives users full control over what processes are started, spawned (by other applications), or allowed to inject code into other applications and have access to the net, by having the system assign access levels for users or programs according to a set of determined rules. It also can control file/registry security (what programs can read and write to the file system/registry). In such an environment, viruses and

Trojans Trojan or Trojans may refer to: * Of or from the ancient city of Troy * Trojan language, the language of the historical Trojans Arts and entertainment Music * '' Les Troyens'' ('The Trojans'), an opera by Berlioz, premiered part 1863, part 189 ...

have fewer opportunities for infecting a computer. The

SELinux Security-Enhanced Linux (SELinux) is a Linux kernel security module that provides a mechanism for supporting access control security policies, including mandatory access controls (MAC). SELinux is a set of kernel modifications and user-space ...

and

Apparmor AppArmor ("Application Armor") is a Linux kernel security module that allows the system administrator to restrict programs' capabilities with per-program profiles. Profiles can allow capabilities like network access, raw socket access, and the ...

security frameworks are two such implementations for

. * Security researchers rely heavily on sandboxing technologies to analyse malware behavior. By creating an environment that mimics or replicates the targeted desktops, researchers can evaluate how malware infects and compromises a target host. Numerous

malware analysis Malware analysis is the study or process of determining the functionality, origin and potential impact of a given malware sample such as a virus, worm, trojan horse, rootkit, or backdoor. Malware or malicious software is any computer software inten ...

services are based on the sandboxing technology. *

Google Native Client Google Native Client (NaCl) is a discontinued sandboxing technology for running either a subset of Intel x86, ARM, or MIPS native code, or a portable executable, in a sandbox. It allows safely running native code from a web browser, independ ...

is a sandbox for running compiled C and C++ code in the browser efficiently and securely, independent of the user's operating system. * Capability systems can be thought of as a fine-grained sandboxing mechanism, in which programs are given opaque tokens when spawned and have the ability to do specific things based on what tokens they hold. Capability-based implementations can work at various levels, from kernel to user-space. An example of capability-based user-level sandboxing involves HTML rendering in a

Web browser A web browser is application software for accessing websites. When a user requests a web page from a particular website, the browser retrieves its files from a web server and then displays the page on the user's screen. Browsers are used on ...

. * Secure Computing Mode (seccomp) strict mode, seccomp only allows the write(), read(), exit(), and sigreturn() system calls. *

HTML5 HTML5 is a markup language used for structuring and presenting content on the World Wide Web. It is the fifth and final major HTML version that is a World Wide Web Consortium (W3C) recommendation. The current specification is known as the HTML ...

has a "sandbox" attribute for use with

iframes An HTML element is a type of HTML (HyperText Markup Language) document component, one of several types of HTML nodes (there are also text nodes, comment nodes and others). The first used version of HTML was written by Tim Berners-Lee in 1993 ...

. * Java virtual machines include a sandbox to restrict the actions of untrusted code, such as a

Java applet Java applets were small applications written in the Java programming language, or another programming language that compiles to Java bytecode, and delivered to users in the form of Java bytecode. The user launched the Java applet from a ...

. * The .NET Common Language Runtime provides

Code Access Security Code Access Security (CAS), in the Microsoft .NET framework, is Microsoft's solution to prevent untrusted code from performing privileged actions. When the CLR loads an assembly it will obtain evidence for the assembly and use this to identify the ...

to enforce restrictions on untrusted code. * Software Fault Isolation (SFI), allows running untrusted native code by sandboxing all store, read and jump assembly instructions to isolated segments of memory. Some of the use cases for sandboxes include the following: *

Online judge Competitive programming is a mind sport usually held over the Internet or a local network, involving participants trying to program according to provided specifications. Contestants are referred to as ''sport programmers''. Competitive progra ...

systems to test programs in programming contests. * New-generation

pastebins A pastebin or text storage site is a type of online content-hosting service where users can store plain text (e.g. source code snippets for code review via Internet Relay Chat (IRC)). The first pastebin was the eponymous pastebin.com. Other ...

allowing users to execute pasted code snippets on the pastebin's server.

References

External links

Security In-Depth for Linux Software: Preventing and Mitigating Security Bugs

Sandbox The Chromium Projects

FreeBSD capsicum(4) man page
a lightweight OS capability and sandbox framework
OpenBSD pledge(2) man page
a way to restrict system operations
Sandbox testing importance
sandbox} Importance of sandbox in zero day flaw Operating system security Virtualization

Implementations

See also

References

External links