Software solutions often allow privileged users to change the behavior of a system at runtime. In most cases, this variability is achieved through predefined configuration parameters, each of which can be set to a value within a predefined range, e.g., the maximum number of connections accepted by a hypertext transfer protocol (HTTP) server.
However, in some cases, the mechanism of configuration parameters is too restrictive. Certain systems therefore allow users to introduce arbitrary custom logic in the form of user-defined code at runtime. For example, some multi-tenant systems are highly variable at runtime. This variability can be achieved via a rule engine, in particular by letting a user specify "Event Condition Action" (ECA) rules that express under which circumstances (an event together with a condition on it) which state changes should be applied to the system (the action).
On the one hand, this freedom is desired and necessary in order to give rule authors the opportunity to formalize arbitrarily complex logic. On the other hand, this freedom becomes a security concern once users start to insert malicious source code as part of their rules. A malicious rule could, for example, terminate the running server process and thereby take down the service for all other tenants and for the other applications running on that server. Moreover, a rule could access and tamper with resources on the executing machine without authorization, such as password files or business data. Finally, a rule must be prevented from performing undesired operations on the executing process itself, such as accessing memory or objects that enable security-critical operations.
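The following example is added here to make the concern concrete; it is not the mechanism described in this application and is not code from it. It contrasts a rule engine that evaluates a rule's condition as unrestricted source code with one that interprets the condition over an explicit allow-list of syntax, and it confines actions to a registry of named operations instead of code. The rule format (a mapping with "event", "condition" and "action"), the action registry, the helper names and the sample rules are all assumptions made for this illustration.

```python
import ast
import operator


class RuleError(ValueError):
    """Raised when a rule uses syntax, names or actions the engine does not permit."""


def naive_evaluate(condition: str, event: dict):
    """Unrestricted engine: the condition is Python source handed to eval().

    Empty globals do not help: CPython inserts __builtins__, so a rule author
    can reach __import__, open, exec and, through them, the whole process.
    """
    return eval(condition, {}, dict(event))


# Operators the restricted evaluator is willing to apply. Deliberately no
# power operator (cheap CPU exhaustion) and no bitwise or shift operators.
_BINOPS = {ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul}
_CMPOPS = {ast.Gt: operator.gt, ast.GtE: operator.ge, ast.Lt: operator.lt,
           ast.LtE: operator.le, ast.Eq: operator.eq, ast.NotEq: operator.ne}


class SafeConditionEvaluator(ast.NodeVisitor):
    """Tree-walking interpreter over an allow-list of AST node types.

    Only literals, event fields, + - *, comparisons and and/or/not are
    interpreted. Calls, attribute access, subscripts, comprehensions, lambdas
    and every other construct fall through to generic_visit and are rejected,
    so there is no path to modules, builtins or object internals.
    """

    def __init__(self, event: dict):
        self.event = event

    def evaluate(self, condition: str):
        try:
            tree = ast.parse(condition, mode="eval")
        except SyntaxError as exc:
            raise RuleError(f"invalid condition: {exc.msg}") from None
        return self.visit(tree.body)

    def visit_Constant(self, node):
        if isinstance(node.value, (bool, int, float, str)):
            return node.value
        raise RuleError(f"disallowed literal: {node.value!r}")

    def visit_Name(self, node):
        # Names resolve only against the event's own fields, never builtins.
        if node.id in self.event:
            return self.event[node.id]
        raise RuleError(f"unknown event field: {node.id!r}")

    def visit_BoolOp(self, node):
        values = (self.visit(v) for v in node.values)  # short-circuits like Python
        return all(values) if isinstance(node.op, ast.And) else any(values)

    def visit_UnaryOp(self, node):
        if isinstance(node.op, ast.Not):
            return not self.visit(node.operand)
        raise RuleError(f"disallowed unary operator: {type(node.op).__name__}")

    def visit_BinOp(self, node):
        fn = _BINOPS.get(type(node.op))
        if fn is None:
            raise RuleError(f"disallowed operator: {type(node.op).__name__}")
        return fn(self.visit(node.left), self.visit(node.right))

    def visit_Compare(self, node):
        left = self.visit(node.left)
        for op, comparator in zip(node.ops, node.comparators):
            fn = _CMPOPS.get(type(op))
            if fn is None:
                raise RuleError(f"disallowed comparison: {type(op).__name__}")
            right = self.visit(comparator)
            if not fn(left, right):
                return False
            left = right
        return True

    def generic_visit(self, node):
        raise RuleError(f"disallowed syntax: {type(node).__name__}")


def safe_evaluate(condition: str, event: dict):
    return SafeConditionEvaluator(event).evaluate(condition)


# Actions are not code either: a rule names a registered operation and
# supplies plain data arguments; the engine owns the side effect.
def _set_state(state, key, value):
    state[key] = value


def _append_log(state, message):
    state.setdefault("log", []).append(message)


ACTIONS = {"set_state": _set_state, "log": _append_log}


def run_rules(rules, event_name: str, event: dict, state: dict):
    """Fire every rule bound to event_name whose condition holds; return their names."""
    fired = []
    for rule in rules:
        if rule["event"] != event_name:
            continue
        if safe_evaluate(rule["condition"], event):
            action, *args = rule["action"]
            if action not in ACTIONS:
                raise RuleError(f"unknown action: {action!r}")
            ACTIONS[action](state, *args)
            fired.append(rule["name"])
    return fired


# Constructed sample rules: one legitimate, one that tries to reach the OS.
SAMPLE_RULES = [
    {"name": "fan-on", "event": "temperature",
     "condition": "value > 30 and unit == 'C'",
     "action": ("set_state", "fan", "on")},
    {"name": "escape", "event": "temperature",
     "condition": "__import__('os').getpid() > 0",
     "action": ("log", "should never run")},
]
```

With naive_evaluate, the "escape" condition evaluates to True and the rule author has already executed code in the server process; under safe_evaluate the same text is rejected at the Call node before anything runs. The restricted interpreter does not bound execution time or recursion depth on its own (very long expressions still cost CPU and Python stack), so a production engine would additionally cap rule length or parse depth.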
In the drawings, like reference numbers generally indicate identical or similar elements. Additionally, generally, the left-most digit(s) of a reference number identifies the drawing in which the reference number first appears.