ManagedSandbox

A managed sandbox implementation that lets developers choose between various levels of security.

Primary language: C#
License: MIT

NOTE: This code is intended to lay the foundation for creating a secure sandbox, but by default is not fully locked down.

The following resources were used to write this code:

| Resource | Usage |
| --- | --- |
| MalwareTech | Launching a process in an AppContainer |
| pinvoke.net | Various interop stubs |
| Practical Sandboxing 1 2 3 | Various sandboxing concepts |

Usage

To launch an application in a sandbox, call SandboxedProcess.Start with the path to the executable and the IProtection implementations that apply to the sandboxing scenario.

var sandboxProcess = SandboxedProcess.Start(
    @"c:\foo.exe",
    new JobObjectProtection(),
    new DesktopProtection(),
    new RestrictedTokenProtection(),
    new AppContainerProtection());

Protections

AppContainer

Desktop

JobObject

Restricted Token

Troubleshooting