
In my IT security classes I frequently came across these terms and had a hard time distinguishing between them, so I tried to figure out their differences:

Sandboxing: Defense mechanism against mobile code, which runs in a separate runtime environment. Code and data are separated to prevent the program from modifying itself. This is used for small applications like applets in the JVM.

Interpretation: Defense mechanism against mobile code. Direct access to hardware is prevented and all addresses and system calls are interpreted and analyzed. Web browsers use this technique at the expense of performance.

Jailing: Defense mechanism against an unknown program. All system calls of a supervised program (the "prisoner") are checked by another program (the "jailer"), which can also intercept and block them.

Are these definitions valid or are there any more differences / similarities which I didn't see? Especially some real world scenarios would be helpful, for example I know that sandboxing is used in the JVM as part of Java security.

AdHominem

1 Answer


I hear in these terms an attempt to explain at a higher level of abstraction a continuum of ways to approach the problem of hosting executable code on a system you wish to protect.

  1. Native: allow executable code to run normally on the target system with full rights and privileges of other code on the system

  2. Jail: allow executable code to run normally on the target system except that access to sensitive resources (from specific syscalls to specific APIs to resources like disk or network I/O, whatever is appropriate for the context) is blocked in some fashion. Think of this as a blacklist: a policy of default allow with specific deny rules.

  3. Sandbox: a more restrictive environment than a Jail. Executable code runs in an abstraction of the target system, though some limited direct access to sensitive resources is allowed. Think of this as a whitelist: a policy of default deny (well, default abstracted/faked) with some specific allow rules.

  4. Interpret: is a poor term for the concept, which represents the other end of the spectrum from Native. Executable code is run in a completely abstracted environment with no direct interaction at all with resources on the target system. A better term may be "Simulated."

Hope that helps.

Jonah Benton
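As an added example that is not part of the answer above: the Jail/Sandbox distinction it draws (default allow with specific deny rules versus default deny with specific allow rules) written as two Linux seccomp-bpf filters, with the unfiltered "Native" case beside them. This is my own illustration, not code from the original post or from any project it mentions. It assumes Linux on x86_64 or aarch64 with seccomp-capable kernel headers; the choice of socket(2) as the denied call in the jail, and of getpid(2) and exit_group(2) as the only allowed calls in the sandbox, is mine.

```c
/* Added example, not from the original question or answer.
 * Jail  = default ALLOW with a deny list (blocks socket(2)).
 * Sandbox = default DENY with an allow list (getpid, exit_group only).
 * Assumes Linux on x86_64 or aarch64. */
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#if defined(__x86_64__)
#define ARCH_NR AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define ARCH_NR AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH_* constant for this architecture"
#endif

#ifndef SECCOMP_RET_KILL_PROCESS
#define SECCOMP_RET_KILL_PROCESS SECCOMP_RET_KILL /* older kernel headers */
#endif

enum outcome { PROBE_ALLOWED = 0, PROBE_BLOCKED = 1, PROBE_ERROR = 2 };

/* Filter prologue shared by both policies: kill the process if the syscall
 * ABI is not the one the hard-coded syscall numbers belong to (a common
 * seccomp filter bug), then load the syscall number into the accumulator. */
#define CHECK_ARCH_THEN_LOAD_NR                                                  \
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),    \
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, ARCH_NR, 1, 0),                          \
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),                         \
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr))

static int install(struct sock_filter *f, unsigned short n) {
    struct sock_fprog prog = { .len = n, .filter = f };
    /* Unprivileged processes must set no_new_privs before installing a filter. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* 1. Native: no filter at all. */
static int install_native(void) { return 0; }

/* 2. Jail: default allow; the deny list is just socket(2). */
static int install_jail(void) {
    struct sock_filter f[] = {
        CHECK_ARCH_THEN_LOAD_NR,
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_socket, 0, 1), /* match -> kill */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),            /* everything else */
    };
    return install(f, sizeof f / sizeof f[0]);
}

/* 3. Sandbox: default deny; the allow list is only what the code needs. */
static int install_sandbox(void) {
    struct sock_filter f[] = {
        CHECK_ARCH_THEN_LOAD_NR,
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_getpid, 1, 0),     /* -> allow */
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_exit_group, 0, 1), /* -> allow / kill */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),       /* everything else */
    };
    return install(f, sizeof f / sizeof f[0]);
}

/* The hosted "untrusted" code: one harmless call, one attempted network call. */
static int probe_getpid(void) { return getpid() > 0 ? 0 : 1; }
static int probe_socket(void) {
    int fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0) return 1;
    close(fd);
    return 0;
}

/* Run probe() in a forked child under the chosen policy, so a SIGSYS kill
 * takes down only the child, and report what the kernel did. */
static enum outcome run_probe(int (*policy)(void), int (*probe)(void)) {
    pid_t pid = fork();
    if (pid < 0) return PROBE_ERROR;
    if (pid == 0) {
        if (policy() != 0) _exit(3);
        _exit(probe() == 0 ? 0 : 2); /* _exit() is exit_group(2), allowed in both policies */
    }
    int status;
    if (waitpid(pid, &status, 0) != pid) return PROBE_ERROR;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGSYS) return PROBE_BLOCKED;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 0) return PROBE_ALLOWED;
    return PROBE_ERROR;
}

int main(void) {
    static const char *name[] = { "allowed", "blocked (SIGSYS)", "error" };
    int (*policies[])(void) = { install_native, install_jail, install_sandbox };
    static const char *label[] = { "native ", "jail   ", "sandbox" };
    for (int i = 0; i < 3; i++)
        printf("%s: getpid %-16s socket %s\n", label[i],
               name[run_probe(policies[i], probe_getpid)],
               name[run_probe(policies[i], probe_socket)]);
    return 0;
}
```

Two practical notes. The arch check matters: syscall numbers differ between ABIs, so a filter that compares numbers without checking seccomp_data.arch can be bypassed on a multi-ABI kernel. And a real allow list is harder than the three-entry one here, because the policy has to admit every syscall the C library itself makes on the program's behalf, which is why default-deny sandboxes are usually built from traced runs rather than from reading the source.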