sandbox (computer security)

Contributor(s): Linda Rosencrance and Paul Thompson

A sandbox is an isolated testing environment that enables users to run programs or execute files without affecting the application, system or platform on which they run. Software developers use sandboxes to test new programming code. Cybersecurity professionals use sandboxes to test potentially malicious software. Without sandboxing, an application or other system process could have unlimited access to all the user data and system resources on a network.

Sandboxes are also used to safely execute malicious code to avoid harming the device on which the code is running, the network or other connected devices. Using a sandbox to detect malware offers an additional layer of protection against security threats, such as stealthy attacks and exploits that use zero-day vulnerabilities.

Importance of sandboxes

As malware becomes more sophisticated, monitoring suspicious behavior to detect malware has become increasingly difficult. Many threats in recent years have employed advanced obfuscation techniques that can evade detection from endpoint and network security products.

Sandboxing protects an organization's critical infrastructure from suspicious code because it runs in a separate system. It also allows IT to test malicious code in an isolated testing environment to understand how it works within a system as well as more rapidly detect similar malware attacks.

Uses of sandboxes

In general, a sandbox is used to test suspicious programs that may contain viruses or other malware, without allowing the software to harm the host devices.

Sandboxing is an important feature of the Java programming language and development environment, where the sandbox is a program area and set of rules that programmers need to use when creating Java code (called an applet) that is sent as part of a web page.

A sandbox can also enable a mirrored production environment that an external developer can use to develop an app that uses a web service from the sandbox. This enables third-party developers to validate their code before migrating it to the production environment.

An API sandbox is targeted at API developers and testers. It mimics the characteristics of the production environment to create simulated responses for APIs that reflect the behavior of a real system.

Java sandboxing

Java applets are sent automatically to the user's browser as part of the web page transmission and can be executed as soon as they arrive at the browser. Without any other protection, the malicious code could run without restriction and easily do harm; use of a sandbox to isolate the code can help protect against both malicious attacks and harm done by buggy Java programs with unlimited access to memory or operating system services. The sandbox restrictions strictly limit what system resources an applet can request or access.

The Java sandbox comprises the program area and a set of rules that programmers need to use when creating Java code sent with web content. The sandbox restrictions set strict limits on what system resources the applet can request or access. Essentially, the programmer must write code that "plays" only within the sandbox, much as children are allowed to make anything they want to within the confined limits of a real sandbox. The sandbox can be conceived as a small area within your computer where an applet's code can play freely -- but it's not allowed to play anywhere else.

The sandbox is implemented not only by requiring programmers to conform to certain rules but also by providing code checkers. The Java language itself provides features such as automatic memory management, garbage collection and the checking of address ranges in strings and arrays that inherently help to guarantee safe code.

Java's compiled code, known as bytecode, includes a verifier that guarantees adherence to certain limitations. Java also provides for a local name space within which code may be restricted. The Java virtual machine (the layer that interprets the Java bytecode for a given computer platform) also mediates access to system resources and ensures that sandbox code is restricted.

In the original sandbox security model, the sandbox code is generally known as untrusted code. In later versions of the Java Development Kit (JDK) -- the programmer's development environment -- the sandbox has been made more sophisticated by introducing several levels of trust that the user can specify for sandbox code. The more trust the user allows, the more capability the code has to "play" outside of the sandbox. In the Java Development Kit 1.1 version, the concept of a signed applet was introduced. An applet accompanied by a digital signature can contain trusted code that is allowed to execute if the client browser recognizes the signature.

In JDK 2.0, Java provides for assigning different levels of trust to all application code, whether loaded locally or arriving from the Internet. A mechanism exists to define a security policy that screens all code -- whether signed or not -- as it executes.

Benefits of using a sandbox

Using a sandbox to test software changes before they go live means there are fewer problems during and after testing because the testing environment is totally separate from the production environment.

Sandboxing is also great for quarantining zero-day threats that exploit unreported vulnerabilities. Although there's no guarantee that sandboxing will stop zero-day threats, it offers an additional layer of security by separating the threats from the rest of the network. When threats and viruses are quarantined, cybersecurity experts can study them to identify patterns, helping to prevent future attacks and identify other network vulnerabilities.

Sandboxing also complements other security programs, including behavior monitoring and virus programs. It offers added protection against certain strains of malware that an antivirus program may not detect.

Examples of using a sandbox

Sandboxes can be used to isolate code execution in almost any situation that software code is being executed. Some specific examples of using a sandbox to isolate code execution include:

  • Web browsers: A trusted web browser can be run inside a sandbox. Then if a website exploits a vulnerability in that web browser, the damage is limited to the sandbox and minimized.
  • Software protection: There are tools that enable users to run software they don't trust in sandboxes so that the software can't access their private data or harm their devices. Because a sandbox appears to be a complete system to the software, the software usually can't detect that it's constrained to a virtual environment.
  • Security research: Information security professionals use sandboxes for research or to detect malicious code. For instance, a security tool could visit websites to monitor what files are ultimately changed or it could install and run software.
  • Virtualization: A virtual machine is basically a type of sandbox. This approach uses a virtual machine-based sandbox to contain and examine suspicious programs.

Sandbox applications

Sandbox applications include:

  • Browser plug-in content often depended on using a sandbox to screen content loaded by browser plug-ins, including Microsoft Silverlight and Adobe Flash. However, this type of content has been notoriously difficult to keep safe. While it was safer to play a flash game on a web page than to download the game and run it as a standard program, content publishers have largely moved away from such plug-ins in favor of publishing active content using HTML5 -- which includes the sandbox attribute to instruct the browser to disable any features that may present security risks.
  • PDFs and other documents may include executable code, so Adobe Reader runs PDF files in a sandbox, which stops them from escaping the PDF viewer and interfering with the rest of the computer. Microsoft Office also has a sandbox mode to stop unsafe macros from tampering with a system.
  • Mobile apps are generally executed by mobile platforms in sandboxes. Apps for iOS, Android and Windows are prohibited from doing many of the things standard desktop apps can do. For example, to access a user's location, they have to declare permissions. Additionally, the sandbox isolates the applications, preventing them from tampering with each other.
This was last updated in December 2018

Continue Reading About sandbox (computer security)

Dig Deeper on Network threat detection

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

How would you assess security performance of sandboxes in the products you use?


File Extensions and File Formats