本文介绍了沙箱技术的基本概念及其在网络安全中的应用。沙箱能够隔离未知或未经测试的代码,防止其对系统造成损害或窃取敏感信息。此外,文章还讨论了浏览器中网页加载时的沙箱使用案例。
Sandbox
A sandbox is a testing environment that isolates untested or unknown code. Sandboxing protects operational systems and their data from unknown code that may have arrived on the network from unknown external sources. It can provide threat intelligence by analyzing code behavior, and can for example be used in conjunction with rogue executables captured in a honeypot or for testing an unknown VM image.
Figure 1 - An example of a sandbox being used to test an unknown VM instance.
Figure 1 is an example of sandboxing that isolates rogue VMs, preventing malicious or unapproved VMs from damaging or snooping on the rest of the compute resource, or escaping. Sandboxes restrict what a program can do, providing only the permission level it needs without adding additional permissions that could be abused. Another example is browser sandboxing of loaded Web pages. Web pages can run JavaScript code, but if the JavaScript code tries to access a local file on the compute resource, the request will fail because the code is being executed inside the sandbox.
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
