What Exactly Is a Sandbox?

The sandbox on iOS and OS X is a security policy system that apps must interact with if they wish to run on these Apple operating systems (mandatory on iOS; on OS X mandatory only if you want to distribute through the Mac App Store). The idea comes down to the Principle of Least Privilege: if an app does not ask for a specific operating system or file system privilege, it does not get it.

The presentations I've watched by Apple engineers liken the sandbox concept to the automotive safety industry. Car makers have smart methods of preventing accidents in the first place. However, if the worst were to happen, the industry also puts a lot of focus on limiting the damage during an accident (seat belts, airbags, etc.). Sandboxing is the damage limitation system for modern operating systems.

Ivan Krstić, an Apple engineer on the Core OS Security team, talked a bit about the history of sandboxing. One thing Ivan pointed to was the way in which the original Unix operating systems enforced the policy that users should be protected from, and blocked from, each other, but stopped at that level: a process was allowed total access within its user's execution space.

Sandboxing removes that assumption and enforces stricter security inside the user's process execution space. That way, if an application were to run amok, whether deliberately or through a genuine bug, it would be far less able to delete or corrupt important user data that has nothing to do with that application.
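As an added illustration of the "if you don't ask, you don't get it" model described above (this is an example written for this page, not code from the post or from Apple), here is what an OS X App Sandbox entitlements file looks like. The keys are Apple's documented App Sandbox entitlement names; the particular set of capabilities requested is an assumed example for a hypothetical network client that opens user-picked files.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
  "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <!-- Opt the app into App Sandbox. On OS X nothing below applies
         until this key is present; on iOS the sandbox is always on. -->
    <key>com.apple.security.app-sandbox</key>
    <true/>

    <!-- Least privilege: request only what the app really needs.
         (Assumed example: an HTTP client that opens user-chosen files.) -->

    <!-- Outgoing network connections only; no listening sockets. -->
    <key>com.apple.security.network.client</key>
    <true/>

    <!-- Read-only access, and only to files the user explicitly picks
         in an Open panel. The app cannot wander through ~/Documents. -->
    <key>com.apple.security.files.user-selected.read-only</key>
    <true/>

    <!-- Everything not listed here (camera, microphone, inbound network,
         write access, arbitrary paths, other apps' data) is denied. -->
</dict>
</plist>
```

The file is embedded in the app's code signature at build time, so a quick check that a shipped binary really is sandboxed, and with which capabilities, is `codesign -d --entitlements :- /path/to/App.app`, which prints the entitlements actually signed into the bundle rather than whatever the project file claims.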