Publication: CS50 Sandbox: Secure Execution of Untrusted Code
Open/View Files
Date
2013
Authors
Published Version
Journal Title
Journal ISSN
Volume Title
Publisher
Association for Computing Machinery
The Harvard community has made this article openly available. Please share how this access benefits you.
Citation
Malan, David J. 2013. CS50 Sandbox: Secure execution of untrusted code. In Proceedings of the 44th SIGCSE Technical Symposium on Computer Science Education (SIGCSE '13). Denver, CO, March 2013, 141-146. New York: Association for Computing Machinery.
Research Data
Abstract
We introduce CS50 Sandbox, an environment for secure execution of untrusted code. Implemented as an asynchronous HTTP server, CS50 Sandbox offers clients the ability to execute programs (both interactive and non-interactive) written in any compiled or interpreted language in a tightly controlled, resource-constrained environment. CS50 Sandbox’s HTTP-based API takes files, command lines, and standard input as inputs and returns standard output and error plus exit codes as outputs. Atop CS50 Sandbox, we have built CS50 Run, a web- based code editor that enables students to write code in a browser in any language, whether compiled or interpreted, that’s executed server-side within a sandboxed environment. And we have built CS50 Check, an autograding framework that supports black- and white-box testing of students’ code, leveraging CS50 Sandbox to run series of checks against students’ programs, no matter the language of implementation. We present in this work the pedagogical motivations for each of these tools, along with the underlying designs thereof. Each is available as open source.
Description
Other Available Sources
Keywords
collaborative learning, computer-assisted instruction, computer science education, self-assessment
Terms of Use
This article is made available under the terms and conditions applicable to Other Posted Material (LAA), as set forth at Terms of Service