Expanded Definition of Sandbox

TO: Prof. Jason Ellis
FROM: Edwin Baez
DATE: 10/27/2021
SUBJECT: Expanded Definition of Sandbox

Introduction 

The purpose of this document is to explore the meaning and history of the term Sandbox. The term sandbox is used often in the software testing world, just as it was used before computers to describe a play area. In this document, I will compare and contrast various definitions of the word Sandbox and how they are used in our world today.

Definitions 

The definition of Sandbox found in the Merriam-Webster dictionary is “a box or receptacle containing loose sand” [1, p1]. This is, of course, the old yet still relevant definition. Sandboxes are basically playpens for kids to let their imaginations run wild, but the term has progressed a long way since those days. The same Merriam-Webster dictionary also defines a sandbox as “a controlled environment supervised by a regulatory authority within which existing regulations are relaxed or removed to allow businesses to more freely experiment with new products and services” [1, p1]. This definition refers to the business use of the word, stating that a Sandbox is an environment that is controlled and supervised to test new products and services. For example, a business like Apple needs to test out its HTML code to see if those flashy new images look good on its website without bringing the website down. For experiments and test features like that, they use a Sandbox environment. Furthermore, there is a cyber security aspect to the definition. According to an article published by Proofpoint, “The purpose of the sandbox is to execute malicious code and analyze it.” [3, p1]. This definition shows how cyber security specialists use a sandbox as a tool to run code and determine whether it is malicious or creates any type of vulnerability in a system.

Context 

Though used in different ways, the term Sandbox essentially comes down to a general meaning of testing with low risk. An author writes, “the idea of a sandbox provides an apt metaphor for the type of collaboration and interaction that should take place in the open, communal office spaces” [4]. This quote talks about how sandboxes are used as a space for a business or businesses to interact and try out new features without risking or harming their business. It’s spoken of more as a testing ground than as a counter-measure. It’s like those times as a kid when we were being taught how to use PowerPoint and it had all these different fonts and slide animations. We would try all of them first in a separate PowerPoint so our work would not suffer any casualties, and then once we decided on a font and/or slide animation we would implement it into our original work. In some way, we’ve all used a form of sandbox for our work.

Furthermore, a different author writes, “Sandbox testing proactively detects malware by executing, or detonating, code in a safe and isolated environment to observe that code’s behavior and output activity” [2]. This quote describes Sandboxes as a means of testing code for security purposes, using isolation to keep that code from causing a breach. Unlike the business side of things, this way of using a Sandbox is indeed a counter-measure. It’s basically a bomb testing site, but for code and incoming malware. One may say it’s like taking batting practice before a game, just testing your swing, ball vision, and ability to make contact on that specific day. I used the statement “on that specific day” because it’s actually how this version of running a Sandbox works. Code is unpredictable; there are things that even the developer himself doesn’t know would happen if the code is executed. One day your program may work flawlessly and the next day it can be corrupt without anything being changed. Maybe you missed a letter or number that allows the code to run more than a day, or maybe there is a spelling mistake. All in all, this form of Sandbox is perfect for “detonating a bomb”.
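
The detonate-and-observe idea in the Forcepoint quote, as an added example that is not part of the original memo: a Python harness (the names `detonate` and `SAMPLE` are hypothetical, and the sample script is constructed) runs a script in a throwaway directory under CPU and file-size limits and reports its exit status, output, and the files it created. It assumes Linux, and resource limits alone are much weaker isolation than the virtual machines that real malware sandboxes use.

```python
import os
import resource
import subprocess
import sys
import tempfile

# Constructed sample standing in for untrusted code: it prints a line,
# drops a file, then spins forever. It is harmless by design.
SAMPLE = '''\
print("hello from sample", flush=True)
open("dropped.txt", "w").write("x")
while True:
    pass
'''

def detonate(code, cpu_seconds=2, wall_timeout=15):
    """Run `code` in a throwaway directory under limits; report what it did."""
    def limits():
        # Runs in the child before exec: cap CPU time and size of written files.
        resource.setrlimit(resource.RLIMIT_CPU, (cpu_seconds, cpu_seconds))
        resource.setrlimit(resource.RLIMIT_FSIZE, (1 << 20, 1 << 20))

    # Allowlist of environment variables, so parent secrets never reach the sample.
    env = {k: os.environ[k] for k in ("PATH", "LD_LIBRARY_PATH") if k in os.environ}
    with tempfile.TemporaryDirectory() as box:
        with open(os.path.join(box, "sample.py"), "w") as f:
            f.write(code)
        try:
            proc = subprocess.run(
                [sys.executable, "-I", "sample.py"], cwd=box, env=env,
                preexec_fn=limits, capture_output=True, text=True,
                timeout=wall_timeout)
            rc, out, timed_out = proc.returncode, proc.stdout, False
        except subprocess.TimeoutExpired:
            rc, out, timed_out = None, "", True
        # Anything besides the sample itself was created during the run.
        created = sorted(set(os.listdir(box)) - {"sample.py"})
    # A negative return code means the kernel killed the process with a signal.
    return {"returncode": rc, "timed_out": timed_out,
            "stdout": out, "files_created": created}

if __name__ == "__main__":
    print(detonate(SAMPLE))
```

The temporary directory is deleted when the run ends, so whatever the sample dropped goes with it and only the report survives.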

Working Definition 

My major is Computer Systems branching into Cyber Security. As one can tell, the term Sandbox is very important in my field, as a lot of code has to be tested. In my field, I would say a Sandbox is a safe zone where any developer or security analyst can try out any code or any level of work and look for vulnerabilities or uncover any malicious intent in the code.

References 

[1]  “Sandbox.” Merriam-Webster.com Dictionary, Merriam-Webster, https://www.merriam-webster.com/dictionary/sandbox. Accessed 15 Oct. 2021.

[2] Forcepoint. 2021. What is Sandbox Security? [online] Available at: <https://www.forcepoint.com/cyber-edu/sandbox-security> [Accessed 16 October 2021].

[3] Proofpoint. 2021. What is a Sandbox Environment? Definition & Setup | Proofpoint US. [online] Available at: <https://www.proofpoint.com/us/threat-reference/sandbox> [Accessed 16 October 2021].

[4] Clarke, D., 2021. The Serious Business of Sandboxes. [online] strategy+business. Available at: <https://www.strategy-business.com/article/The-Serious-Business-of-Sandboxes> [Accessed 16 October 2021].

500-Word Summary Of Article About Unikernel Security

TO: Prof. Ellis
FROM: Edwin Baez
DATE: October 6th, 2021
SUBJECT: 500-Word Summary Of Article About Unikernel Security

The following is a 500-word summary of an article about unikernel security. The author discusses the risks and benefits of running applications in unikernel environments. By showing many diagrams and going in-depth on what each type of kernel does and allows, the article helps us differentiate which kernels are right for us.

The kernel is the essential center of a computer’s operating system. It is the core that provides basic services for all other parts of the OS. Modern-day applications require cloud services to run in a kernel environment, making them vulnerable to attacks. A unikernel is a specialized, single-address-space machine image constructed from a minimal set of services selected by the developer. With unikernel environments, attacks are less likely due to the lightweight memory footprint and self-contained environment.

Virtualization is the process of mirroring or emulating a system using the resources of a host machine. It can be used to re-create networks or emulate a whole new machine, thus making it more secure to use. Virtual Machines cannot communicate with each other, so if one is ever infiltrated then no harm will be caused to the actual host machine. In other words, you can use your computer to run a virtual computer and whatever happens to that virtual computer will have no effect on your actual computer/hardware.

There are various types of virtualization. The first is full virtualization, which aliases the hardware the guest machine runs on. Its main appeal is its ability to mirror hardware, which makes it more reliable, provides more consistent performance, and allows isolation in case of a malicious attack. If a cyber-attack were to happen, the attacker cannot attack the host but can eventually see that it is attacking a virtual machine. The second type of virtualization is OS virtualization (OSV). OSV is run on a single kernel, but it runs many operating systems at once. It’s basically many containers, each holding its own operating system. These containers don’t have access to the hardware of the physical machine, so they are limited to the OS of the host. With that said, if the machine were ever to get attacked, all containers would be compromised.

There are two types of unikernels whose security profiles differ. Clean Slate Unikernels are not emulators. They are written in a single programming language, whether it’s C++, HalVM, or JavaScript. They also allow language-specific virtual machines to function, for example, the Java Virtual Machine (JVM). Legacy Unikernels, on the other hand, implement a subset to ensure unmodified software can run while only requiring minor configurations. According to J. Talbot et al., “They don’t support timesharing (the ability to simultaneously run multiple independent programs), instead, they delegate this role to the virtualization layer” [1, p.2].

Isolation is the main goal of most, if not all, security enthusiasts. Software running on a unikernel is more isolated than software running in a container. This is because unikernels are singular and have a reduced attack surface.

REFERENCE

[1] J. Talbot et al., “A Security Perspective on Unikernels,” 2020 International Conference on Cyber Security and Protection of Digital Services (Cyber Security), 2020, pp. 1-7, doi: 10.1109/CyberSecurity49315.2020.9138883.