The sandbox libraries (libsandbox & pysandbox) are an open-source suite of software components for C/C++ and Python developers to create automated profiling tools and watchdog programs. The API's are designed for executing and instrumenting simple (single process) tasks, featuring policy-based behavioral auditing, resource quota, and statistics collecting.
The sandbox libraries were originally designed and utilized as the core security module of a full-fledged online judge system for ACM/ICPC training. They have since then evolved into a general-purpose tool for binary program testing, profiling, and security restriction. The sandbox libraries are currently maintained by the OpenJudge Alliance (http://openjudge.net/) as a standalone, open-source project to facilitate various assignment grading solutions for IT/CS education.
See project page at https://github.com/openjudge/sandbox for details.
- capture system calls and arguments invoked by sandboxed binary programs in runtime, and block malicious actions through user-defined policy modules
- specify quota limit of resources allocated to the sandboxed program, including cpu and wallclock time, memory, and disk output
- minimize privileges of sandboxed programs, and isolate their execution from critical parts of the operating system
Thanks for software and updates.