
[速搜 Q&A] What is a sandbox?

Q&A · admin · 1 month ago (01-16)


Sandbox (Chinese: 沙盒, also translated as 沙箱) is a computing term. In computer security it is a security mechanism that provides an isolated environment for running programs. It is typically used to experiment with programs that come from untrusted sources, are destructive, or whose intent cannot be determined.


Introduction

Sandbox (Chinese: 沙盒, also translated as 沙箱) is a computing term. In computer security it is a security mechanism that provides an isolated environment for running programs. It is typically used to experiment with programs that come from untrusted sources, are destructive, or whose intent cannot be determined.

A sandbox usually strictly controls the resources that the programs inside it can access. For example, it can provide disk and memory space that is reclaimed after use. Inside a sandbox, network access, access to the real system, and reading from input devices are usually prohibited or strictly restricted. In this sense, a sandbox is a form of virtualization.

Changes made inside the sandbox cause no damage to the operating system. The technique is widely used by computer technicians to test programs that may carry viruses or other malicious code.

Implementations

A sandbox runs software in a restricted system environment and controls the resources the program can use (such as file descriptors, memory, and disk space).

The following are some specific sandbox implementations:

Jail: restricts network access and confines the program to a restricted file system namespace. Jails are most commonly used in virtual hosting.

Rule-based execution: the system's security mechanisms assign access rights to users and programs according to a set of preset rules, giving full control over program startup, code injection, and network access. Programs' access to files and the registry can be controlled as well. In such an environment, the chance of viruses and Trojans infecting the system is reduced. On Linux, Security-Enhanced Linux (SELinux) and AppArmor use this strategy.

Virtual machine: emulates a complete host system, so that a virtual operating system (the guest) can run as if on real hardware. The guest can reach the host's resources only through the emulator, so a virtual machine can be counted as a kind of sandbox.

Host-local sandbox: security researchers rely heavily on sandboxing to analyze malware behavior. By creating an environment that mimics a real desktop, researchers can observe how malware infects a host. Several malware analysis services use sandbox technology.

Online judge system: used to test programs in programming contests.

Secure computing mode (seccomp): a sandbox built into the Linux kernel. Once enabled, seccomp allows only the system calls write(), read(), exit(), and sigreturn().
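The seccomp behaviour described above (the kernel's strict mode), as an added example that is not code from the original page: a forked child enables the mode with prctl() and the parent reports how the child ended. The helper name run_confined and the exit code NO_SECCOMP are made up for this illustration.

```c
#define _GNU_SOURCE
#include <linux/seccomp.h>
#include <signal.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#define NO_SECCOMP 99  /* constructed exit code: strict mode could not be enabled */

/* Fork a child, put it in seccomp strict mode, optionally issue one system
 * call outside the allow list, then exit. Returns the child's exit status,
 * or the negated signal number if the kernel killed it. */
static int run_confined(int make_forbidden_call)
{
    static const char msg[] = "child: confined\n";
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1000;
    if (pid == 0) {
        /* Fails with EINVAL when, for example, a seccomp filter is already
         * installed, as is common inside containers. */
        if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT) != 0)
            _exit(NO_SECCOMP);
        ssize_t n = write(STDOUT_FILENO, msg, sizeof msg - 1);  /* allowed */
        (void)n;
        if (make_forbidden_call)
            syscall(SYS_getpid);  /* not on the list: kernel sends SIGKILL */
        /* glibc's _exit() uses exit_group(), which strict mode also kills;
         * only the raw exit() system call is permitted. */
        syscall(SYS_exit, 0);
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1000;
    return WIFSIGNALED(status) ? -WTERMSIG(status) : WEXITSTATUS(status);
}

int main(void)
{
    int clean = run_confined(0);
    int killed = run_confined(1);
    printf("allowed calls only: %d, with getpid(): %d (SIGKILL is %d)\n",
           clean, killed, SIGKILL);
    return 0;
}
```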

See also

chroot

Virtual system

Sandboxie

