Graduate Project

Security sandboxing for PC2: Windows version

The purpose of a Sandbox software is to execute a program under restricted environment to protect a computer system from malicious activities. The Security Sandbox tool will be developed to be used for the Programming Contest Control System, called PC2 for short. PC2 software is used to support programming contests of ACM and its International Collegiate Programming Contests around the world. PC2 allows teams to submit their programs to the judges over the network. The judges can perform manual judging for the team’s submitted program. PC2 also supports automatic judging of these submitted programs. These are a few of the many functionalities of PC2. When teams submit their programs for judging, their code might perform malicious activities on the system that is running the judging module. Opening a network socket, accessing important or personal files, running a script to delete files, trying to hamper working of PC2, etcetera are a few examples of the illegal activities that the team’s programs could do to harm the judge’s system. Sandbox will keep a check on all the activities that the team’s program does during its execution and will stop the execution of the program as soon as it finds that it is performing an illegal activity. It will fulfill its task by inspecting all system calls made by the team’s program. The list of permissible or non-permissible system calls will be provided to the Sandbox by the judges ahead of time, in the form of a policy file. Apart from team’s submitted programs, Sandbox should also be able to run any executable file, as a target program provided to it by PC2 and return its result. One of the other major features of Sandbox will the Input/Output Forwarding of data from PC2 to this target program and vice versa. The deliverables of the project will be a Sandbox Software running on Windows and a report on the various details of this project.