CSE 227: Lecture 5

The topic covered in this lecture is sandboxing.


The notion of sandboxing is to confine programs in a restricted environment, like letting a child play in a sandbox. The program (child) can do whatever it wants within the restricted environment -- the mess is confined to the sandbox and does not affect the rest of the system.

The notion is not so different from process confinement -- using processor privilege levels and a security kernel to mediate how a process accesses resources, so that the damage done by a faulty (or malicious) program is largely contained.

Instead of bootstrapping the enforcement of access to external objects from hardware mechanisms (privilege levels, memory protection), Software Fault Isolation (SFI) is a system where the enforcement is done using software-only techniques: the untrusted code is rewritten (or checked) so that every memory access it makes stays within its assigned region.

Java's type safety is another form of sandboxing: the enforcement mechanism is software controls implemented within object access methods, and type safety ensures that the proper access methods must be invoked.
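The SFI idea above can be made concrete with a small added example (this is illustrative code, not from the lecture or from any SFI implementation). It assumes a hypothetical sandbox segment whose size is a power of two and which is aligned to that size, so the high address bits identify the segment and the low bits are the offset within it. An untrusted store is routed through `sfi_store`, which masks the target address so the write can only land inside the segment; `sfi_check` shows the alternative of refusing, rather than rewriting, an out-of-segment address. The names `sandbox_t`, `sfi_rewrite`, `sfi_store`, `sfi_check` and `demo_containment` are this example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Sandbox segment: a power-of-two size so address masking works. */
#define SEG_BITS 12
#define SEG_SIZE (1u << SEG_BITS)

/* Hypothetical sandbox descriptor (example only): a segment-aligned
   region the untrusted code may touch, plus the raw allocation for free(). */
typedef struct {
    uint8_t *base; /* segment-aligned start of the sandbox */
    uint8_t *raw;  /* original allocation */
} sandbox_t;

/* Allocate twice the segment size and align up, so `base` sits on a
   SEG_SIZE boundary and all in-segment addresses share its high bits. */
int sandbox_init(sandbox_t *sb) {
    sb->raw = malloc(2 * SEG_SIZE);
    if (!sb->raw) return -1;
    uintptr_t p = (uintptr_t)sb->raw;
    p = (p + SEG_SIZE - 1) & ~(uintptr_t)(SEG_SIZE - 1);
    sb->base = (uint8_t *)p;
    memset(sb->base, 0, SEG_SIZE);
    return 0;
}

/* Address sandboxing: keep the offset bits, force the segment bits to the
   sandbox base. Whatever address the untrusted code computed, the result
   is inside the segment. */
static inline uint8_t *sfi_rewrite(const sandbox_t *sb, uintptr_t addr) {
    return sb->base + (addr & (SEG_SIZE - 1));
}

/* All stores by sandboxed code go through this rewritten path. */
void sfi_store(const sandbox_t *sb, uintptr_t addr, uint8_t value) {
    *sfi_rewrite(sb, addr) = value;
}

/* The checking variant: 1 if the address already lies in the segment,
   0 if a checker would have to fault instead of performing the access. */
int sfi_check(const sandbox_t *sb, uintptr_t addr) {
    return (addr & ~(uintptr_t)(SEG_SIZE - 1)) == (uintptr_t)sb->base;
}

/* Demonstration: sandboxed code tries to write to a location outside its
   segment (a stack variable). Returns 1 if containment held: the outside
   variable is unchanged and the write landed inside the sandbox instead. */
int demo_containment(void) {
    sandbox_t sb;
    if (sandbox_init(&sb) != 0) return 0;
    uint8_t outside = 0x55;               /* must not be modified */
    uintptr_t bad = (uintptr_t)&outside;  /* out-of-segment target */
    int ok = 1;

    sfi_store(&sb, bad, 0xAA);
    if (outside != 0x55) ok = 0;                        /* escaped? */
    if (sb.base[bad & (SEG_SIZE - 1)] != 0xAA) ok = 0;  /* redirected */
    if (sfi_check(&sb, bad)) ok = 0;                    /* checker refuses */
    if (!sfi_check(&sb, (uintptr_t)sb.base + 100)) ok = 0; /* in-segment ok */

    free(sb.raw);
    return ok;
}

int main(void) {
    printf("containment %s\n", demo_containment() ? "held" : "FAILED");
    return 0;
}
```

The masking form is cheaper (one `and` plus one `or`/`add` per access, no branch) but silently redirects bad accesses; the checking form catches the fault explicitly. Either way the guarantee only covers accesses that actually go through the instrumented path, which is why a real SFI system must also control jumps so untrusted code cannot skip the sandboxing instructions.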


bsy+cse227w02@cs.ucsd.edu, last updated Mon Apr 8 20:19:51 PDT 2002. Copyright 2002 Bennet Yee.