There's a few different possibilities, depending on how much isolation you want.
The easiest is to simply trust the code. It looks like that is out of the question for you, or you wouldn't be asking this.
The next step up is to run the code on a separate user account, as Vigneshwaren suggested. If you want to restrict network access specifically for a particular user account, that can be accomplished through iptables owner matching. When done, the user account can be left around or deleted, and any processes running as that user can be killed outright.
One more step up is to add a chroot jail to the separate user account. This can cause trouble with libraries or configuration files that need to be in place, but if it's e.g. a pure number-crunching exercise, it can be practical. It ensures that only the files you want the students' code to be able to access are accessible to that code.
The final step would be to execute the code in a completely separate environment. Think virtual machine, here, although a separate physical computer could accomplish the same thing. The code can execute in a completely isolated environment, including with the virtual network cable unplugged, and any damage it could possibly do, including filling up the disk or fork-bombing, will be isolated within the virtual machine and the worst that might happen is that you need to forcibly turn it off. Since the VM will have a completely separate OS installation, especially if you remove the network connection before running the software, this cannot possibly leak any of your sensitive data. With a VM, you can use disk snapshots to allow you to quickly and easily return to a known state after running each student's program.
It all depends on where on the effort-versus-trust-needed scale you place your students. Less trust requires more effort on your part to make sure nothing bad happens.
1If you run run this on a temporal account, which you created only for this purpose? – peterh - Reinstate Monica – 2013-12-19T10:20:40.417
1@PeterHorvath That is a good idea. I would be very grateful for any tips on how to lock down such a temporary account. – marshall – 2013-12-19T10:43:59.007
If it is a simple user, for him were practically impossible to do any really harmful. It were hard for a cracker even with an interactive shell. But if you delete the account after use, and kills all of its remaining processes (if remains, there is a good cause to a deeper look into its code), you are safe. (P.s. comments are upvotable, too :-) ) – peterh - Reinstate Monica – 2013-12-19T10:46:49.217
This belongs on security.
– l0b0 – 2013-12-19T11:54:37.160@l0b0 Actually, it seems on topic here to me (though more specific answers might possibly be had on Unix & Linux). Running software isolated from the surrounding system is a perfectly reasonable request relating to a power user's use of computers. – a CVn – 2013-12-19T12:01:13.063