Run-time configurable sandboxes

Bernd Eckenfels ecki at
Tue May 26 20:40:23 UTC 2015


partial quote as I want to add to a point:

Am Tue, 26 May 2015 16:19:59 -0400
schrieb Michael Maass <mmaass at>:

> 3. Common security reasons to use the sandbox: (a) using a third
> party library that isn't fully trusted (convenience often trumps
> security) and (b) frameworks loading third party plugins.

From looking at CVEs it looks like the only other common reason not
mentioned here is multi tenancy for Web Application Servers (i.e.
seperate WAR deployments). 

And I am quite sure by now (i.e. contains and other PaaS technolgies) 
nobody considers that anymore. So the biggest user might as well be
Google App Engine (not sure how far their special platform relies on
the security manager).


PS: Michael I would be interested in your paper for my personal

More information about the security-dev mailing list