
The JSim Sandbox

This page is for the current JSim version 2.0. Click here for the earlier JSim 1.6 version.

Introduction

JSim models allow for embedding of source code in Java, C and (eventually) other languages using a feature called Functions and Procedures (F&P). F&P give modelers great flexibility in how they formulate model calculations, at the cost of opening a potential security hole. Using these same constructs, an unscrupulous person could embed malicious code into a JSim model or project file and pass it on to an unsuspecting JSim user. The user's account and/or computer system might then be harmed by running such a model under JSim. The JSim sandbox is a mechanism for safely running untrusted model code.

Prerequisites:

Contents:

Sandbox Overview

The JSim sandbox is a protected environment for running Java F&P that prevents potentially dangerous operations (such as deleting arbitrary files). Complete details on prohibited operations are found in the Technical Details section of this document.

The sandbox has two user-configurable parameters:

  1. READPATH - readable directories available to the application;
  2. WRITEPATH - writeable/deletable directories available to the application.

The default sandbox is very restrictive, prohibiting, for instance, saving project files in their normal locations. The user may augment the default READPATH and WRITEPATH on the command line in jsim or jsbatch.

Activating the Sandbox

The sandbox is activated with the -sandbox switch:

-sandbox [ WRITEPATH [ READPATH ] ]

Each PATH is a list of files or directories separated by your operating system's path separation character (colon on MacOS and Linux, semi-colon on Windows). The user may specify no paths, the WRITEPATH only, or both paths. READPATH automatically contains WRITEPATH, so path elements need not be entered twice.

The sandbox switch is available in the jsim, jsbatch and jsserver programs. jsserver behaves slightly differently from the others in that:

Usage Recommendations

NSR recommends the following safety practices as standard:

  1. Running models developed by yourself or trusted collaborators does not require the sandbox.
  2. If you receive a model or project file from an untrusted source, it should be run in the sandbox. If working in the sandbox is inconvenient, you should examine the code to make sure there is nothing malicious in it before running it outside the sandbox.
  3. It is always a poor idea to run JSim (or any other complex user program) from a privileged account (that is, Administrator or root).
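The following POSIX shell script is an added example and is not part of JSim; it assembles the -sandbox switch and its PATH arguments from the syntax described above (colon separator as on MacOS and Linux), drops read-only elements that are already writeable since READPATH contains WRITEPATH, and refuses to launch from a privileged account as the recommendations advise. The function names and the program placeholder are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of JSim: build "-sandbox [ WRITEPATH [ READPATH ] ]"
# from -w (writeable) and -r (readable) path elements.
# Path separator for MacOS/Linux is ':' (the page states ';' on Windows).
SEP=':'

# Fail with a message unless the path element (file or directory) exists.
check_path() {
  [ -e "$1" ] || { echo "sandbox: no such file or directory: $1" >&2; return 1; }
}

# sandbox_args [-w PATH]... [-r PATH]...
# Prints the switch and its PATH arguments, one per line. Read-only elements
# that also appear in the write list are skipped, because READPATH already
# contains WRITEPATH. A READPATH without a WRITEPATH is rejected, since the
# switch syntax only takes READPATH after WRITEPATH.
sandbox_args() {
  wr=""; rd=""
  OPTIND=1   # getopts state is global; reset it so repeated calls work
  while getopts 'w:r:' opt; do
    case $opt in
      w) check_path "$OPTARG" || return 1
         wr="${wr:+$wr$SEP}$OPTARG" ;;
      r) check_path "$OPTARG" || return 1
         case "$SEP$wr$SEP" in
           *"$SEP$OPTARG$SEP"*) ;;                # already writeable: skip
           *) rd="${rd:+$rd$SEP}$OPTARG" ;;
         esac ;;
      *) return 2 ;;
    esac
  done
  if [ -n "$rd" ] && [ -z "$wr" ]; then
    echo "sandbox: READPATH can only be given after a WRITEPATH" >&2
    return 1
  fi
  printf '%s\n' '-sandbox'
  [ -n "$wr" ] && printf '%s\n' "$wr"
  [ -n "$rd" ] && printf '%s\n' "$rd"
  return 0
}

# Refuse to run from a privileged account (uid 0), per the usage recommendations.
require_unprivileged() {
  [ "$(id -u)" -ne 0 ] || { echo "refusing to run JSim as root" >&2; return 1; }
}

# launch_jsim PROGRAM [-w PATH]... [-r PATH]...
# PROGRAM is jsim, jsbatch or jsserver (assumed to be on PATH).
launch_jsim() {
  prog=$1; shift
  require_unprivileged || return 1
  args=$(sandbox_args "$@") || return 1
  # One argument per line: split on newlines only so paths with spaces survive.
  oldifs=$IFS; IFS='
'
  set -f; set -- $args; set +f
  IFS=$oldifs
  "$prog" "$@"
}

# Demonstration on constructed directories under a temporary root; nothing
# here touches real files or launches JSim.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/projects" "$demo_root/data"
sandbox_args -w "$demo_root/projects" -r "$demo_root/data" -r "$demo_root/projects"
rm -rf "$demo_root"
```

In practice you would call `launch_jsim jsim -w "$HOME/jsim-projects" -r /usr/share/models` (paths assumed for illustration) so that the project directory is writeable and the model directory readable, with everything else left under the default restrictive sandbox.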

Technical Details

Activating the sandbox causes the following changes in program behaviour:

If you have particular concerns about JSim security issues, contact us.


[This page was last modified 06Jul12, 3:19 pm.]

Model development and archiving support at physiome.org provided by the following grants: NIH/NIBIB BE08407 Software Integration, JSim and SBW 6/1/09-5/31/13; NIH/NHLBI T15 HL88516-01 Modeling for Heart, Lung and Blood: From Cell to Organ, 4/1/07-3/31/11; NSF BES-0506477 Adaptive Multi-Scale Model Simulation, 8/15/05-7/31/08; NIH/NHLBI R01 HL073598 Core 3: 3D Imaging and Computer Modeling of the Respiratory Tract, 9/1/04-8/31/09; as well as prior support from NIH/NCRR P41 RR01243 Simulation Resource in Circulatory Mass Transport and Exchange, 12/1/1980-11/30/01 and NIH/NIBIB R01 EB001973 JSim: A Simulation Analysis Platform, 3/1/02-2/28/07.