Fundamental Concepts

Multi-Sandboxing is based on the the Kernel & Features Specification (KF).

It allows an application code to be split between multiples parts:

  • the main application, called the Kernel,
  • zero or more applications called Features.

Therefore, a Kernel Application relates to the Kernel concept and a Sandboxed Application relates to the Feature concept.

Some fundamental points:

  • The Kernel is mandatory. It is assumed to be reliable, trusted and cannot be modified.
  • A Feature is an application “extension” managed by the Kernel.
  • A Feature is fully controlled by the Kernel: it can be installed (dynamically or statically pre-installed), started, stopped and uninstalled at any time independent of the system state (particularly, a Feature never depends on another Feature to be stopped).
  • A Feature is optional, potentially not-trusted, maybe unreliable and can be executed without jeopardizing the safety of the Kernel execution and other Features.
  • Resources accesses (RAM, hardware peripherals, CPU time, …) are under control of the Kernel.


You can go further by reading the Kernel & Features Specification.