In computer security, a sandbox is a security mechanism for separating running programs. It is often used to execute untested code, or untrusted programs from unverified third parties, suppliers, untrusted users and untrusted websites. A sandbox typically provides a tightly controlled set of resources for guest programs to run in, such as scratch space on disk and memory. Network access, the ability to inspect the host system, and the ability to read from input devices are usually disallowed or heavily restricted. Sandboxing is frequently used to test unverified programs that may contain a virus or other malicious code, without allowing the software to harm the host device.
As an example, a web browser implements a sandbox to restrict a web application executed by the web browser. Specifically, the web browser restricts the web application from accessing other applications executing on the same machine as the web browser. The web browser may also restrict the web application from accessing certain data sets stored on the machine executing the web browser. Furthermore, the web browser may also restrict the web application from accessing applications executing on, or data stored on, machines within the same Local Area Network (LAN) as the machine executing the web browser. In order to access the restricted applications and/or the data, the web application may rely upon a web browser plug-in which has the access permissions necessary to access the restricted applications and/or data.
Netscape Plugin Application Programming Interface (NPAPI) is a cross-platform plugin architecture supported by many web browsers. NPAPI plug-ins are generally not as restricted as the web applications themselves. As a result, NPAPI plug-ins may be used by web applications to access (a) applications executing on the same machine as the web browser or (b) data stored on the same machine as the web browser. Some web browsers today are being updated to remove support for NPAPI plug-ins due to security risks associated with NPAPI plug-ins.
The approaches described in this section are approaches that could be pursued, but not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated, it should not be assumed that any of the approaches described in this section qualify as prior art merely by virtue of their inclusion in this section.