Sandbox

From Computing and Software Wiki

Revision as of 04:49, 6 April 2008 by Chatteik (Talk)
Jump to: navigation, search

A sandbox (in computer security) is a security mechanism used on servers and personal computers to execute third-party programs that are unverified or have a non-trusted source. A sandbox allows a guest program to run under tightly-controlled conditions, which typically prevent the guest program to write to the host computer’s permanent disk storage and provide a highly restricted network access. Some sandboxes also disallow the guest program to read from the host’s input devices as a means to prevent malicious programs from reading sensitive data like passwords, network keys and credit card information.


Mechanism

Typically when a program is run the hard disk is read to load program parameters and then data is written back when the program exits. The following figure demonstrates this scenario.File:Without Sandbox.png

Personal tools