Sandbox technology enabling Cloud Computing

Cloud computing implies applications running on a shared, networked machine. The machine is shared so that it can be utilized more cost-effectively. For the machine to be shared, each application must be sandboxed, which means it should not be able to adversely affect other applications. Virtualization, in which an application sees a virtual environment instead of a real one, enables sandboxing. Virtualization can be done at many levels.

Modern CPUs support virtualizing the CPU and memory for operating systems. Devices are handled either by QEMU, which is used for device emulation, or by virtual-environment-aware device drivers, called para-virtualized drivers, written for the operating system.

Xen can provide a virtual view of the CPU and memory to any operating system even when the underlying CPU does not support it directly. This is used by Amazon Web Services.

Linux can provide a virtual environment to applications using tools such as cgroups for partitioning processes into groups, unshare for a virtual filesystem namespace, and quota for disk quotas. This is used by Red Hat OpenShift.
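As an added example (not part of the original article), the following Python sketch checks how far two Linux processes are actually separated by comparing the namespace links and cgroup membership the kernel exposes under /proc/<pid>/ns/ and /proc/<pid>/cgroup. The two process records are constructed sample data in those formats, and the names HOST_PROC, APP_PROC and shared_with are hypothetical.

```python
import re

# Constructed sample data in the formats of /proc/<pid>/cgroup and of the
# symlink targets under /proc/<pid>/ns/ (not captured from a real host).
HOST_PROC = {
    "cgroup": "0::/user.slice/user-1000.slice/session-3.scope\n",
    "ns": {"mnt": "mnt:[4026531841]", "pid": "pid:[4026531836]",
           "net": "net:[4026531840]", "uts": "uts:[4026531838]"},
}
APP_PROC = {
    "cgroup": "0::/apps/tenant-a\n",
    "ns": {"mnt": "mnt:[4026532501]", "pid": "pid:[4026532503]",
           "net": "net:[4026531840]", "uts": "uts:[4026532502]"},
}

NS_LINK = re.compile(r"^(\w+):\[(\d+)\]$")

def parse_cgroups(text):
    """Map each controller list to its cgroup path.

    Each line is 'hierarchy-id:controller-list:path'; cgroup v2 uses
    hierarchy 0 with an empty controller list.
    """
    groups = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        _hier, controllers, path = line.split(":", 2)
        groups[controllers or "unified"] = path
    return groups

def parse_ns(links):
    """Map namespace type to its inode number, rejecting malformed links."""
    out = {}
    for name, target in links.items():
        m = NS_LINK.match(target)
        if not m or m.group(1) != name:
            raise ValueError(f"malformed namespace link: {target!r}")
        out[name] = int(m.group(2))
    return out

def shared_with(a, b):
    """Return what two processes still share: namespaces and cgroups."""
    ns_a, ns_b = parse_ns(a["ns"]), parse_ns(b["ns"])
    cg_a, cg_b = parse_cgroups(a["cgroup"]), parse_cgroups(b["cgroup"])
    return {
        "namespaces": sorted(n for n in ns_a if ns_b.get(n) == ns_a[n]),
        "cgroups": sorted(k for k in cg_a if cg_b.get(k) == cg_a[k]),
    }

if __name__ == "__main__":
    print(shared_with(HOST_PROC, APP_PROC))
```

Any namespace that shows up as shared is a resource the sandboxed application still sees in common with the other process; in the sample data that is the network namespace.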

Google Chrome Native Client uses assembly-level code analysis to validate that the application binary does not cross the virtual environment defined for it.

Google App Engine compiles Go language source files and provides restricted libraries.

Most language interpreters can also provide sandboxing and, with just-in-time compilation, can achieve some speed in execution. The Java virtual machine for class files and QEMU for CPU emulation fall into this category.

Rajeev Narang
Managing Partner

My research interests include Law, Finance, and Information Technology.