Sandboxing is a security approach that separates susceptible
applications from critical system resources and other programs. It provides an
extra layer of security that prevents malware or harmful applications from adversely
affecting the system.
Without sandboxing, an application may have unrestricted
access to all system resources and user data on a computer. A sandboxed app, on
the other hand, can only access resources in its own "sandbox."
Basic computer design enables resource sharing. By permitting
programs to share resources, the computer can appear to multitask and seems
to be doing many things at once. This is exactly the kind of behavior
we've come to expect from our computers, but these abilities can cause adverse
side effects.
Fig 1.1-Sandboxing
Programs can misbehave and crash, or cause other programs to
crash. They can depend on some other application on the computer
in a way that conflicts with the needs of another program. And increasingly, programs
are malicious and try to access out-of-bounds areas to affect the network.
An application's sandbox is a limited area of storage
space and memory that comprises only the resources the program requires. If a
program wants to access resources or files outside the sandbox, authorization
must be explicitly granted by the system.
For example, when a sandboxed app is installed on an operating
system, a specific directory is created for that application's sandbox. The app
is given unlimited read and write access to the sandboxed directory, but
it is not permitted to read or write any other files on the computer's storage
device unless access is approved by the system. This access is usually granted by
means of the Open or Save dialog box, both of which require direct user input.
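The directory rule described above can be modelled as a path check that also handles ".." components and symbolic links. This is an added example, not code from the original page; the class and function names are hypothetical and the file layout is constructed in a temporary directory. It models the access decision only, since a real sandbox enforces the rule inside the operating system.

```python
import os
import tempfile


class SandboxPolicy:
    """Models the access decision for one app's sandbox directory (hypothetical)."""

    def __init__(self, sandbox_dir):
        # Resolve once so later comparisons use the directory's real location.
        self.root = os.path.realpath(sandbox_dir)
        self.granted = set()  # files the user chose in an Open or Save dialog

    def grant_from_dialog(self, path):
        """Record a user-chosen file; only that exact file becomes accessible."""
        self.granted.add(os.path.realpath(path))

    def is_allowed(self, path):
        # realpath collapses ".." and follows symlinks, so a link inside the
        # sandbox that points elsewhere is judged by its real target.
        real = os.path.realpath(path)
        inside = os.path.commonpath([self.root, real]) == self.root
        return inside or real in self.granted


def demo():
    """Build a constructed layout and return the decision for each request."""
    with tempfile.TemporaryDirectory() as base:
        sandbox = os.path.join(base, "app_sandbox")
        os.mkdir(sandbox)
        outside = os.path.join(base, "user_document.txt")
        with open(outside, "w") as f:
            f.write("user data")
        link = os.path.join(sandbox, "link")
        os.symlink(outside, link)  # link stored in the sandbox, target outside

        policy = SandboxPolicy(sandbox)
        results = {
            "own_file": policy.is_allowed(os.path.join(sandbox, "cache.db")),
            "dotdot": policy.is_allowed(
                os.path.join(sandbox, "..", "user_document.txt")),
            "symlink": policy.is_allowed(link),
            "before_grant": policy.is_allowed(outside),
        }
        policy.grant_from_dialog(outside)  # user picked the file in a dialog
        results["after_grant"] = policy.is_allowed(outside)
        return results


if __name__ == "__main__":
    for name, allowed in demo().items():
        print(f"{name:13} {'allow' if allowed else 'deny'}")
```

Comparing resolved paths rather than raw strings is what makes the "dotdot" and "symlink" requests fail even though both start inside the sandbox directory.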