computer security Computer security, cybersecurity (cyber security), or information technology security (IT security) is the protection of computer systems and networks from attack by malicious actors that may result in unauthorized information disclosure, t ...

, a sandbox is a security mechanism for separating running programs, usually in an effort to mitigate system failures and/or software vulnerabilities from spreading. The isolation metaphor is taken from the idea of children who do not play well together, so each is given their own sandbox to play in alone. It is often used to execute untested or untrusted programs or code, possibly from unverified or untrusted third parties, suppliers, users or websites, without risking harm to the host machine or

operating system An operating system (OS) is system software that manages computer hardware, software resources, and provides common daemon (computing), services for computer programs. Time-sharing operating systems scheduler (computing), schedule tasks for ef ...

. A sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as storage and memory scratch space. Network access, the ability to inspect the host system, or read from input devices are usually disallowed or heavily restricted. In the sense of providing a highly controlled environment, sandboxes may be seen as a specific example of

virtualization In computing, virtualization or virtualisation (sometimes abbreviated v12n, a numeronym) is the act of creating a virtual (rather than actual) version of something at the same abstraction level, including virtual computer hardware platforms, st ...

. Sandboxing is frequently used to test unverified programs that may contain a

virus A virus is a wikt:submicroscopic, submicroscopic infectious agent that replicates only inside the living Cell (biology), cells of an organism. Viruses infect all life forms, from animals and plants to microorganisms, including bacteria and ...

or other

malicious code Malware (a portmanteau for ''malicious software'') is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, depr ...

without allowing the software to harm the host device.

Implementations

A sandbox is implemented by executing the software in a restricted operating system environment, thus controlling the resources (e.g.

file descriptor In Unix and Unix-like computer operating systems, a file descriptor (FD, less frequently fildes) is a process-unique identifier ( handle) for a file or other input/output resource, such as a pipe or network socket. File descriptors typically ...

s, memory, file system space, etc.) that a process may use. Examples of sandbox implementations include the following: *

Linux Linux ( or ) is a family of open-source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically packaged as a Linux distribution, which i ...

application sandboxing, built on Seccomp, cgroups and Linux namespaces. Notably used by Systemd,

Google Chrome Google Chrome is a cross-platform web browser developed by Google. It was first released in 2008 for Microsoft Windows, built with free software components from Apple WebKit and Mozilla Firefox. Versions were later released for Linux, macO ...

, Firefox, Firejail. *

Android Android may refer to: Science and technology * Android (robot), a humanoid robot or synthetic organism designed to imitate a human * Android (operating system), Google's mobile operating system ** Bugdroid, a Google mascot sometimes referred to ...

was the first mainstream operating system to implement full application sandboxing, built by assigning each application its own Linux user ID. *

Apple An apple is an edible fruit produced by an apple tree (''Malus domestica''). Apple trees are cultivated worldwide and are the most widely grown species in the genus '' Malus''. The tree originated in Central Asia, where its wild ances ...

App Sandbox is required for apps distributed through Apple's Mac App Store and iOS/ iPadOS App Store, and recommended for other signed apps. *

Windows Vista Windows Vista is a major release of the Windows NT operating system developed by Microsoft. It was the direct successor to Windows XP, which was released five years before, at the time being the longest time span between successive releases of ...

and later editions include a "low" mode process running, known as "User Account Control" (UAC), which only allows writing in a specific directory and registry keys. Windows 10 Pro, from version 1903, provides a feature known as Windows Sandbox. *

Google Google LLC () is an American Multinational corporation, multinational technology company focusing on Search Engine, search engine technology, online advertising, cloud computing, software, computer software, quantum computing, e-commerce, ar ...

Sandboxed API. *

Virtual machine In computing, a virtual machine (VM) is the virtualization/ emulation of a computer system. Virtual machines are based on computer architectures and provide functionality of a physical computer. Their implementations may involve specialized har ...

s emulate a complete host computer, on which a conventional operating system may boot and run as on actual hardware. The guest operating system runs sandboxed in the sense that it does not function natively on the host and can only access host resources through the emulator. * A

jail A prison, also known as a jail, gaol (dated, standard English, Australian, and historically in Canada), penitentiary (American English and Canadian English), detention center (or detention centre outside the US), correction center, corre ...

: network-access restrictions, and a restricted file system namespace. Jails are most commonly used in virtual hosting. * Rule-based execution gives users full control over what processes are started, spawned (by other applications), or allowed to inject code into other applications and have access to the net, by having the system assign access levels for users or programs according to a set of determined rules. It also can control file/registry security (what programs can read and write to the file system/registry). In such an environment, viruses and Trojans have fewer opportunities for infecting a computer. The SELinux and Apparmor security frameworks are two such implementations for

. * Security researchers rely heavily on sandboxing technologies to analyse malware behavior. By creating an environment that mimics or replicates the targeted desktops, researchers can evaluate how malware infects and compromises a target host. Numerous malware analysis services are based on the sandboxing technology. * Google Native Client is a sandbox for running compiled C and C++ code in the browser efficiently and securely, independent of the user's operating system. *

Capability A capability is the ability to execute a specified course of action or to achieve certain outcomes. As it applies to human capital, capability represents performing or achieving certain actions/outcomes in terms of the intersection of capacity an ...

systems can be thought of as a fine-grained sandboxing mechanism, in which programs are given opaque tokens when spawned and have the ability to do specific things based on what tokens they hold. Capability-based implementations can work at various levels, from kernel to user-space. An example of capability-based user-level sandboxing involves HTML rendering in a

Web browser A web browser is application software for accessing websites. When a user requests a web page from a particular website, the browser retrieves its files from a web server and then displays the page on the user's screen. Browsers are used on ...

. * Secure Computing Mode (seccomp) strict mode, seccomp only allows the write(), read(), exit(), and sigreturn() system calls. * HTML5 has a "sandbox" attribute for use with

iframes An HTML element is a type of HTML (HyperText Markup Language) document component, one of several types of HTML nodes (there are also text nodes, comment nodes and others). The first used version of HTML was written by Tim Berners-Lee in 1993 ...

. *

Java virtual machine A Java virtual machine (JVM) is a virtual machine that enables a computer to run Java programs as well as programs written in other languages that are also compiled to Java bytecode. The JVM is detailed by a specification that formally describ ...

s include a sandbox to restrict the actions of untrusted code, such as a

Java applet Java applets were small applications written in the Java programming language, or another programming language that compiles to Java bytecode, and delivered to users in the form of Java bytecode. The user launched the Java applet from a ...

. * The .NET Common Language Runtime provides Code Access Security to enforce restrictions on untrusted code. * Software Fault Isolation (SFI), allows running untrusted native code by sandboxing all store, read and jump assembly instructions to isolated segments of memory. Some of the use cases for sandboxes include the following: * Online judge systems to test programs in programming contests. * New-generation pastebins allowing users to execute pasted code snippets on the pastebin's server.

References

External links

Security In-Depth for Linux Software: Preventing and Mitigating Security Bugs

Sandbox The Chromium Projects

FreeBSD capsicum(4) man page
a lightweight OS capability and sandbox framework
OpenBSD pledge(2) man page
a way to restrict system operations
Sandbox testing importance
sandbox} Importance of sandbox in zero day flaw Operating system security Virtualization

Implementations

See also

References

External links