Software security mechanism

This article is about the computer security mechanism. For the software testing environment, see Sandbox (software development).

In computer security, a sandbox is a security mechanism for separating running programs, usually in an effort to mitigate system failures and/or software vulnerabilities from spreading. The sandbox metaphor derives from the concept of a child's sandbox—a play area where kids can build, destroy, and experiment without causing any real-world damage. It is often used to execute untested or untrusted programs or code, possibly from unverified or untrusted third parties, suppliers, users or websites, without risking harm to the host machine or operating system. A sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as storage and memory scratch space. Network access, the ability to inspect the host system, or read from input devices are usually disallowed or heavily restricted.

In the sense of providing a highly controlled environment, sandboxes may be seen as a specific example of virtualization. Sandboxing is frequently used to test unverified programs that may contain a virus or other malicious code without allowing the software to harm the host device.

Implementations

A sandbox is implemented by executing the software in a restricted operating system environment, thus controlling the resources (e.g. file descriptors, memory, file system space, etc.) that a process may use.

Examples of sandbox implementations include the following:

Linux application sandboxing, built on Seccomp, cgroups and Linux namespaces. Notably used by systemd, Google Chrome, Firefox, Firejail.

Android was the first mainstream operating system to implement full application sandboxing, built by assigning each application its own Linux user ID.

Apple App Sandbox is required for apps distributed through Apple's Mac App Store and iOS/iPadOS App Store, and recommended for other signed apps.

Windows Vista and later editions include a "low" mode process running, known as "User Account Control" (UAC), which only allows writing in a specific directory and registry keys. Windows 10 Pro, from version 1903, provides a feature known as Windows Sandbox.

Google Sandboxed API.

Virtual machines emulate a complete host computer, on which a conventional operating system may boot and run as on actual hardware. The guest operating system runs sandboxed in the sense that it does not function natively on the host and can only access host resources through the emulator.

A jail: network-access restrictions, and a restricted file system namespace. Jails are most commonly used in virtual hosting.

Rule-based execution gives users full control over what processes are started, spawned (by other applications), or allowed to inject code into other applications and have access to the net, by having the system assign access levels for users or programs according to a set of determined rules. It also can control file/registry security (what programs can read and write to the file system/registry). In such an environment, viruses and Trojans have fewer opportunities for infecting a computer. The SELinux and AppArmor security frameworks are two such implementations for Linux.

Security researchers rely heavily on sandboxing technologies to analyse malware behavior. By creating an environment that mimics or replicates the targeted desktops, researchers can evaluate how malware infects and compromises a target host. Numerous malware analysis services are based on the sandboxing technology.

Google Native Client is a sandbox for running compiled C and C++ code in the browser efficiently and securely, independent of the user's operating system.

Capability systems can be thought of as a fine-grained sandboxing mechanism, in which programs are given opaque tokens when spawned and have the ability to do specific things based on what tokens they hold. Capability-based implementations can work at various levels, from kernel to user-space. An example of capability-based user-level sandboxing involves HTML rendering in a Web browser.

Secure Computing Mode (seccomp): in strict mode, seccomp only allows the write(), read(), exit(), and sigreturn() system calls.

HTML5 has a "sandbox" attribute for use with iframes.

Java virtual machines include a sandbox to restrict the actions of untrusted code, such as a Java applet.

The .NET Common Language Runtime provides Code Access Security to enforce restrictions on untrusted code.

Software Fault Isolation (SFI) allows running untrusted native code by sandboxing all store, read and jump assembly instructions to isolated segments of memory.

Some of the use cases for sandboxes include the following:

Online judge systems to test programs in programming contests.

New-generation pastebins allowing users to execute pasted code snippets on the pastebin's server.

See also

FreeBSD jail
Sandboxie
seccomp
Test bench
Tor (anonymity network)

External links

Security In-Depth for Linux Software: Preventing and Mitigating Security Bugs
Sandbox – The Chromium Projects
FreeBSD capsicum(4) man page – a lightweight OS capability and sandbox framework
OpenBSD pledge(2) man page – a way to restrict system operations
Sandbox testing importance (archived 2021-04-26 at the Wayback Machine)
{sandbox} Importance of sandbox in zero day flaw