This project provides API's in C/C++ and Python for executing and profiling simple (single process) programs in a restricted environment, or sandbox. These API's can help developers to build automated profiling tools and watchdogs that capture and block the runtime behaviours of binary programs according to configurable / programmable policies.
The sandbox libraries were originally designed and utilized as the core security module of a full-fledged online judge system for ACM/ICPC training. They have since then evolved into a general-purpose tool for binary program testing, profiling, and security restriction. The sandbox libraries are currently maintained by the OpenJudge Alliance (http://openjudge.net/) as a standalone, open-source project to facilitate various assignment grading solutions for IT/CS education.
See author's homepage at http://openjudge.net/~liuyu/Project/LibSandbox for details.
- capture system calls and arguments invoked by sandboxed binary programs in runtime, and block malicious actions through user-defined policy modules
- specify quota limit of resources allocated to the sandboxed program, including cpu and wallclock time, memory, and disk output
- minimize privileges of sandboxed programs, and isolate their execution from critical parts of the operating system
Be the first to post a review of Sandbox Libraries!