Software for execution in a computer system is increasingly deployed to runtime environments such as runtime engines or system software environments for the execution of program code. Runtime environments can be employed to provide a hardware abstraction, application portability, to offer common and/or centralized services such as operating system and service interfaces, resource management, application programming interfaces, security and the like. An example of a popular runtime environment is the Java runtime environment provided by Oracle Corp.
Software for execution in a runtime environment can come from an unknown and/or untrusted source, such as Java applets accessed via web pages. To preserve the security of a runtime environment and the computer system on which the runtime environment executes, such software can be executed in a mode of the runtime environment in which security restrictions and/or controls are in place. For example, in the Java runtime environment a Java applet originating outside a computer system will execute in a restricted operating mode of a Java runtime environment known as a “sandbox”. A strict security policy applies to software executing within the sandbox an enforced by security services of the runtime environment. Where an application is able to escape the confines of the sandbox then a computer system's resources and data are at risk of misappropriation or misuse. This challenge is particularly acute for software originating from an unknown and/or untrusted source.