Thursday, July 21, 2011

Sandbox (Computer Security)

In the anti-malware sense a sandbox is a (generally) simulated computer environment in which untrusted software (i.e. potential malware) can be run while still keeping the trusted host environment isolated from it. Or even we can say a sandbox is a security mechanism for separating running programs. It is often used to execute untested code, or untrusted programs from unverified third-parties, suppliers and untrusted users.

A sandbox can be implemented in more than one way, the most well-known is probably the virtual machine... a virtual machine based sandbox is one where the computer hardware itself is simulated and an OS and other software run on top of that simulated hardware.

Another type of sandbox is one that simulates access to resources (such as files or the registry) of an existing system by trapping attempts by programs running in the sandbox to access those resources and redirecting those access attempts to copies residing within the sandbox environment... this uses less resources than a traditional virtual machine and can be used in a more transparent way by end users because it doesn't set up a completely separate system which may or may not be similar to the host system they're likely familiar with (nor do they have to try to wrap their heads around the idea of a computer within a computer).

A third (but much more primitive) technique which could arguably be considered a kind of sandbox is the use of different drive images to separate the main computing environment from other environments used for running untrusted code... this has the problem that the environment for trusted programs and the one for untrusted programs can't be in operation on the same computer at the same time, which makes it a little inconvenient if you only have one physical system.

Ultimately these technologies are all meant to try to replace the original practice of using a physically separate computer dedicated to testing... a second physical computer for untrusted programs is probably the least convenient way to isolate a trusted environment from untrusted code but it is also probably the most secure.