Sandbox allows the execution of software(s) with less risk to the operating system. These are often used to execute untested code of dubious origin. We talked about Advanced Persistent Threats or APT in an older article, also we mentioned we use Sandbox mode to check them. The term Sandbox is also used in a broader sense to refer to a test environment for software or websites – we are not talking about all the Sandbox Environments but which are related to Security.
Sandbox in Computer Security : Features
In the area of decision-making, beyond testing software, it can also be a question of testing data in order to assess the quality and potential uses, before integrating them into the warehouse for production and impose various operating constraints. A sandbox typically provides a set of resources within a controlled environment to execute code (e.g. temporary storage on the environment hard drive). Access to networks, the ability to inspect the host system or the use of devices are usually disabled or severely restricted. In this context, a sandbox is a particular example of virtualization.
A sandbox provides an area of ??decision specific learning environment and innovation. It is common to multiply these private spaces tailored to the end-user or computer to test data, loading tools, restitution, prototype applications or services. However from the point of view infrastructure in order to avoid problems with the proliferation of data attacks, it is recommended to deploy the sandbox on the same platform as the production data warehouse in a specially isolated area of database.
Examples of Sandbox in Computer Security
- The applets are programs that run on a virtual machine or works as an interpreter for scripting language that make sandboxing. This technique is common in web browsers those are running applets embedded in web pages which are potentially hostile.
- Virtual machines emulate a host on which an operating system can run to full. This operating system is in a sandbox, in the sense that it does not run natively on the host machine and can not affect that through the emulator or shared resources (such as the disk space).
- Systems capabilities can be seen as mechanisms for sandboxing in which programs have the ability to perform specific tasks based on the privileges they have.
- Isolation is a particular type of limitation of usage of resources applied to programs operating in case of a problem such as with bug or malicious activities.
- The decision to offer the possibility to integrate new data in addition to those are managed by the existing decision-making system to make every possible analytical approaches from simple to more complex data on all decision-making systems of the company permanent or temporary and to facilitate prototyping of BI applications to test some design choices or means.