Sandbox (computer security)

Sandbox is the English term for a sandbox or sandpit and generally refers to an isolated area within which any action has no effect on the external environment.

Test area in the computer science

When testing software must be taken to ensure that the system on which it is tested, not changed by this software is disturbed or damaged in any way. For software that must be installed on the running ability that is not trivial. Thus, changes in the central registry database (registry), for example, in Windows operating systems when installed usually performed, which causes most conflicts with other versions of this software.

The sandbox is now available for special features of the runtime environment of software or the local working copy of data stored in a version control system software module (eg, see Concurrent Versions System). The software is shielded from the rest of the system, practically set in the sand box where they can not cause any damage on the one hand and on the other hand, the effects of the software can be recorded. There are various in-depth techniques of bending of a file system and the registry such as in Sandboxie to a complete simulation of a computer, such as VMware, Bochs or FAUmachine rich.

One field of application is the use of the DNS server BIND program under Unix. The process of the program is started in a virtual runtime environment, called a jail ( English: Prison ), make it difficult for potential attackers to leave the prison in successful attacks carried out on this software and take it to the actual operating system environment.

Another application is the software Installing the Gentoo Linux distribution or installation of a customized Linux system ( for example, after the LFS instructions). Since the software installation is error-prone and a partial installation damaged the whole system is initially installed in a sandbox and only if successful the changes on the system are transferred.

Daily use is the delineation of potentially unsafe parts of the program in today's browsers, so work Chromium - based browser for any web page and plugins each in independent sandbox processes, thereby increasing the stability and receive a browser exploit more difficult control of the user - system can.