Void Sandbox Architecture defines the containment boundary used by Void.
Its purpose is to create controlled execution spaces where software activity can be observed, limited, and governed by policy.
A sandbox is not only a box around an app.
In Void, a sandbox is a boundary model.
It asks:
What can this process see, touch, change, launch, or communicate with?
The answer should be explicit, auditable, and enforceable.
The Core Idea
Traditional sandboxing often starts with a simple isolation goal:
Keep the application away from sensitive parts of the system.
Void Sandbox Architecture extends that idea into a wider containment model.
It considers multiple boundary types:
- process boundaries;
- file boundaries;
- permission boundaries;
- network boundaries;
- credential boundaries;
- clipboard boundaries;
- user-consent boundaries;
- local policy boundaries.
The goal is not only to block bad behaviour after it happens.
The goal is to make boundary crossings visible before they become trusted by default.
Why Sandboxing Matters
Modern applications do not operate as isolated files.
They may launch helpers, read configuration, access credentials, call network services, write logs, invoke background agents, and pass data between processes.
A security model that only asks whether the original app is trusted is incomplete.
Void asks whether each boundary crossing is justified.
What the Sandbox Controls
Void Sandbox Architecture can be used to define or inspect controls around:
File Access
- readable folders;
- writable folders;
- protected directories;
- temporary storage;
- configuration files;
- user documents.
Process Behaviour
- child process launches;
- helper tools;
- background services;
- executable handoffs;
- local automation hooks.
Network Behaviour
- outbound connections;
- local ports;
- external domains;
- DNS-related behaviour;
- unexpected communication paths.
Credentials and Sensitive Material
- keychain access;
- tokens;
- local secrets;
- configuration values;
- clipboard contents;
- private files.
Relationship to Runtime Protection
Sandboxing and runtime protection are connected, but they are not the same layer.
| Layer | Main Question |
|---|---|
| Void Sandbox Architecture | What is this process allowed to access? |
| Void Runtime Protection | What is this process doing right now? |
| Void Security | What policy should govern the boundary? |
The sandbox defines the boundary.
Runtime protection watches behaviour inside and across that boundary.
Void Security provides the policy frame that decides whether the behaviour is acceptable.
Containment Before Trust
Void follows a containment-first principle:
Assume boundary risk first. Promote trust only with evidence.
This does not mean every action is malicious.
It means local activity should not silently gain authority just because an application has launched.
A process should receive only the access needed for its purpose.
Additional access should be visible, reviewable, and controlled.
Local-First Architecture
Void Sandbox Architecture is designed around local machine behaviour.
The model is useful because many important risks are local before they are remote.
Examples include:
- a process reading files it does not need;
- a helper service persisting in the background;
- a script launching without clear user awareness;
- clipboard data crossing app boundaries;
- credentials being requested unexpectedly;
- network activity starting without clear context.
Void treats these as boundary events.
What Void Is Not Claiming Yet
Void Sandbox Architecture should not currently be described as:
- guaranteed perfect isolation;
- zero breach risk;
- a complete antivirus replacement;
- absolute endpoint protection;
- universal exploit prevention;
- a proven commercial EDR replacement.
Those claims require live runtime validation, adversarial testing, and reproducible evidence.
The safer public claim is:
Void Sandbox Architecture provides a local containment model for making process, file, network, credential, and policy boundaries explicit and controllable.
Evidence Discipline
Sandbox claims should be separated into three layers.
Confirmed Architecture
The architecture defines a containment model around local machine boundaries.
This includes process, file, network, credential, clipboard, and policy domains.
Candidate Capability
With implementation and validation, Void may support:
- clearer local boundary visibility;
- app containment workflows;
- controlled file access;
- controlled network access;
- local policy enforcement;
- better audit records;
- reduced blind trust in background processes.
Claims Not Yet Public-Final
The following should remain blocked until separately validated:
- guaranteed exploit prevention;
- guaranteed malware blocking;
- absolute containment;
- production-grade endpoint security claims;
- superiority over established security products.
The rule remains:
No security claim outruns its evidence.
Product Interpretation
Void Sandbox Architecture is best understood as:
- a containment boundary model;
- a local isolation architecture;
- a process and permission control layer;
- a way to make boundary crossings visible;
- a foundation for Void Runtime Protection.
Summary
Void Sandbox Architecture defines the local containment boundaries used by Void.
It makes process, file, network, credential, clipboard, and policy boundaries explicit.
The aim is controlled execution, not blind trust.
Void Sandbox Architecture provides the boundary.
Void Runtime Protection observes behaviour across that boundary.
Void Security decides which boundary crossings should be allowed.
Related Products
- what-is-a-sandbox
- what-is-secure-architecture
- void-runtime-protection