Cryptiqo

Financial Technology Blog

The words “sandbox” and “sandboxing” are being used more and more in the IT world. With sandbox technology, you can make a separate testing area inside a system. In this way, a program can do certain things without being able to hurt the hardware. Sandboxing is mostly used to protect your operating system by keeping bad code or malware away from it. Sandboxing is now standard practice in both software development and cyber security. It gives large companies the protection they need to avoid system damage and cyberattacks.

How does sandboxing work?

There are several ways to make a sandbox. Before, programmers made their own test environments, but now they can use programs that are ready to use right away. Depending on the operating system and the goal, there are different versions and ways to use them. This is important because a developer working on a brand-new computer program will have different needs than a company whose main goal is to keep unknown code or cyberattacks out of its operating system. As a general rule, a sandbox application will need more resources if it needs to simulate more parts of a real system environment.

Advantages of the sandbox

The following are some of its merits:

Statistics show that sandboxing has been successful so far

Researchers are finding more and more hard numbers to back up the security claims of sandboxing in cases like Adobe Reader and Chrome. For example, www.cvedetails.com showed that there were 68 vulnerabilities in Adobe Acrobat in 2010, the first year that sandboxing was added. Only 30 have been listed so far this year. Researchers from IBM also looked for exploits and weaknesses in Adobe products.

Clinton McFadden, senior operations manager for IBM X-Force research and development, points to recent results in the IBM X-Force Mid-Year Report. “The data we’ve collected over the first half of this year and the data we can track back to the release of Adobe Reader X show that there’s a correlation between a drop in PDF vulnerability disclosures and exploits and the adoption of Adobe Reader X”, he says.

Sandboxing is still in its early stages

Yovel thinks that some of the good early statistics about sandboxing can be explained by the fact that the technology is still new.

“It hasn’t been used much yet”, he says. “In the end, advanced threats get around all new security controls”. The honeymoon could end very soon. Security researchers have already found ways to exploit sandbox environments like Adobe Acrobat X. Most notably, Zhenhua Liu and Guillaume Lovet of Fortinet presented such an exploit at this year’s Black Hat Europe event. As Keanini says, it’s all part of how security evolves together.

High-security level

“Sandbox strategies are used to design and make programs more secure. Eventually, they are broken into, so the programs are redesigned to be more secure”, he added. “Then, new exploits are made, and the cycle continues forever”.

Disadvantages of the sandbox

Below are the demerits:

With sandboxing privileges stay low

Most application sandbox methods work by lowering the privileges that an application has on the system. This limits the kind of code that the application can run on a system, even if the user permissions are raised elsewhere on the machine. Valasek says that the limited permissions model is a good way to stop malware from taking over a machine if it needs high permission levels to do so.
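
The lowered-privilege model described above can be seen in miniature on Linux. The following is an added example, not code from this blog or from Adobe or Chrome, whose sandboxes use their own mechanisms. It assumes a Linux host with Python 3, and the function names are hypothetical.

```python
import ctypes, errno, os, resource

PR_SET_NO_NEW_PRIVS, PR_GET_NO_NEW_PRIVS = 38, 39   # values from <linux/prctl.h>

def _prctl(option, arg2=0):
    libc = ctypes.CDLL(None, use_errno=True)
    libc.prctl.argtypes = [ctypes.c_int] + [ctypes.c_ulong] * 4
    libc.prctl.restype = ctypes.c_int
    return libc.prctl(option, arg2, 0, 0, 0)

def run_confined(action):
    """Run action() in a child whose privileges were lowered first.

    Returns a dict describing what the confined child observed.
    """
    read_fd, write_fd = os.pipe()
    pid = os.fork()
    if pid == 0:                          # child: the confined worker
        status = 1
        try:
            os.close(read_fd)
            # 1. exec can no longer grant privileges (setuid bits, file capabilities)
            _prctl(PR_SET_NO_NEW_PRIVS, 1)
            locked = _prctl(PR_GET_NO_NEW_PRIVS)
            cleared = _prctl(PR_SET_NO_NEW_PRIVS, 0) == 0   # kernel refuses to clear it
            # 2. no new file descriptors; descriptors already open keep working
            resource.setrlimit(resource.RLIMIT_NOFILE, (0, 0))
            try:
                action()
                outcome = "allowed"
            except OSError as exc:
                outcome = errno.errorcode.get(exc.errno, "EUNKNOWN")
            os.write(write_fd, f"{locked},{int(cleared)},{outcome}".encode())
            status = 0
        finally:
            os._exit(status)              # never fall back into the parent's code
    os.close(write_fd)
    with os.fdopen(read_fd) as pipe:
        report = pipe.read()
    os.waitpid(pid, 0)
    locked, cleared, outcome = report.split(",")
    return {"no_new_privs": locked == "1", "flag_cleared": cleared == "1",
            "action": outcome}

def read_world_readable_file():           # stand-in for code running inside the sandbox
    os.close(os.open("/etc/passwd", os.O_RDONLY))

if __name__ == "__main__":
    print(run_confined(read_world_readable_file))
```

The restrictions apply only to the child and to anything it later executes; the parent keeps its original privileges and simply reads the report.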

It is possible to free oneself from the confines of the sandbox

But this doesn’t mean that sandboxing solves the problem of vulnerabilities and exploits. All an attacker needs to do is find a vulnerability that lets them gain more privileges, which gives them more ways to exploit. The security benefits of the containment method are lost if people can “escape” from the sandbox. Hackers can come up with ways to get out of the sandbox by taking advantage of flaws in the sandbox itself or by using social engineering if the user has any control over the privilege permissions.

“Any sandbox can be broken”, says Axelle Apvrille, a senior mobile antivirus researcher at Fortinet’s FortiGuard Labs. Apvrille says that any developer who uses sandboxing as a control must think about how attacks could get out of the sandbox if they want to use it as an effective control.