Custom Search

Cyber Security:

Sandboxing

The term 'sandbox' in cyber-security comes from the idea of a child's sandbox, in which the sand and toys are kept inside a 'small container' or 'walled area' so child can play safely.

With a 'sandboxing approach' in computer development and testing, every software application is given a "sandbox," which is a controlled, restricted environment to run and execute code. This environment helps developers isolate and protect system resources from malware and other kinds of cyberthreats.

Application sandboxing or application containerization, is an approach to software development and management and mobile application management (MAM) that limits the environments in which certain code can execute.

It creates a safe controlled environment for running and testing computer code that keep users and production environments safe. Researchers also use sandboxes to identify how newly obtained software behaves and spot any malware or other undesirable program elements.

Sandboxing in modern web browsers

Sandboxing is widely used in modern web browsers, such as Internet Explorer 10 onwards, and Chrome, to prevent internet content causing damage to files on your computer.

Similar sandboxes exist for most browser plugins and the Adobe Acrobat PDF viewer. The software sandbox approach is a way for your computer to run programs in a controlled environment. The sandbox offers a constrained amount of memory and only allows very limited access to resources such as operating system files, disks and the network.

In theory, the software cannot break out of the sandbox and affect other parts of the computer, so even if malicious software attempts to overwrite parts of the disk, the sandbox will prevent it from doing so.

The aim of application sandboxing

Application sandboxing seeks to:

create a secure environment so the app can run without the risk of damaging the overall system.

improve security by isolating and shielding the application from outside intruders or malware.

prevent system resources or other applications from interacting with the protected app.

The approach is especially useful to run or test applications from untrustworthy sources (e.g., unknown developers) or websites.

Sandboxing also increases application integrity; it lets developers wrap the app in security policies or isolate and protect the application within its own virtual machine (micro-virtualization).

Benefits of application sandboxing

Enhanced security - by limiting the environment in which codes can execute, developers protect the app from outside influences, whether these are system resources or nonmalicious bugs, or malicious malware or hackers.

Ensures a secure application experience for users - by peventing users from accessing environments they do not need access to or should not access.

Provides additional security in case of errors caused by unexpected bugs or vulnerabilities by encapsulating and isolates programming errors within the sandbox so the outside environment is intact.

Protects system resources from malware and other types of cyber threats.

Types of application sandboxes

Some of the most common types of application sandboxes include:

User-level validation

OS support

Browser-based

Java sandbox

Application sandboxes with user-level validation