SandboxEval: Towards Securing Test Environment for Untrusted Code
Rafiqul Rabin, Jesse Hostetler, Sean McGregor, Brett Weir, Nick Judd
TL;DR
The paper addresses the security risks of executing untrusted code generated by large language models (LLMs) in assessment infrastructure. It introduces SandboxEval, a handcrafted test suite of 51 scenarios that evaluates the sandboxing and information-confidentiality properties of Linux-based test environments, and demonstrates it by applying the suite to the Dyff AI assessment framework. The approach yields concrete insights for hardening infrastructure, such as identifying exposed environment variables and confirming that restrictive container configurations are effective, while highlighting gaps in network policies and resource controls. The work provides a practical, deployable methodology for researchers and engineers to validate the secure execution of LLM-generated code and to guide improvements in assessment workflows and sandbox configurations.
Abstract
While large language models (LLMs) are powerful assistants in programming tasks, they may also produce malicious code. Testing LLM-generated code therefore poses significant risks to assessment infrastructure tasked with executing untrusted code. To address these risks, this work focuses on evaluating the security and confidentiality properties of test environments, reducing the risk that LLM-generated code may compromise the assessment infrastructure. We introduce SandboxEval, a test suite featuring manually crafted test cases that simulate real-world safety scenarios for LLM assessment environments in the context of untrusted code execution. The suite evaluates vulnerabilities to sensitive information exposure, filesystem manipulation, external communication, and other potentially dangerous operations in the course of assessment activity. We demonstrate the utility of SandboxEval by deploying it on an open-source implementation of Dyff, an established AI assessment framework used to evaluate the safety of LLMs at scale. We show, first, that the test suite accurately describes limitations placed on an LLM operating under instructions to generate malicious code. Second, we show that the test results provide valuable insights for developers seeking to harden assessment infrastructure and identify risks associated with LLM execution activities.
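As an added illustration of the kind of property the abstract lists (exposed environment variables, filesystem access, external communication), here is a small self-check that a sandbox operator could run inside a test container. It is example code written for this page, not SandboxEval's or Dyff's own tests; the credential-name pattern and the sensitive-path list are assumptions, and the check functions take injectable probes so they can be exercised offline.

```python
import os
import re
import socket
from typing import Callable, Dict, Iterable, List

# Heuristic for variable names that usually carry credentials (assumption of this example).
SECRET_NAME = re.compile(r"KEY|TOKEN|SECRET|PASSWORD|CREDENTIAL", re.IGNORECASE)

# Host files whose readability from inside the sandbox would indicate a confidentiality leak
# (assumed list; a real suite would derive it from the deployment).
SENSITIVE_PATHS = ["/etc/shadow", "/root/.ssh/id_rsa", "/var/run/docker.sock"]


def exposed_secret_vars(env: Dict[str, str]) -> List[str]:
    """Names of environment variables whose name suggests a credential; expected: none."""
    return sorted(name for name in env if SECRET_NAME.search(name))


def readable_sensitive_paths(paths: Iterable[str],
                             can_read: Callable[[str], bool] = lambda p: os.access(p, os.R_OK)) -> List[str]:
    """Sensitive paths the sandboxed process can read; expected: none."""
    return [p for p in paths if can_read(p)]


def egress_allowed(host: str = "example.com", port: int = 443, timeout: float = 2.0,
                   connect: Callable = socket.create_connection) -> bool:
    """True if a TCP connection to an external host succeeds; expected: False."""
    try:
        sock = connect((host, port), timeout=timeout)
    except OSError:  # refused, unreachable, DNS failure, or timeout all mean egress is blocked
        return False
    sock.close()
    return True


def run_checks(env: Dict[str, str], paths: Iterable[str],
               connect: Callable = socket.create_connection,
               can_read: Callable[[str], bool] = lambda p: os.access(p, os.R_OK)) -> Dict[str, object]:
    """Run all three checks and report whether the environment passed (no findings)."""
    findings: Dict[str, object] = {
        "secret_env_vars": exposed_secret_vars(env),
        "readable_sensitive_paths": readable_sensitive_paths(paths, can_read),
        "network_egress": egress_allowed(connect=connect),
    }
    findings["passed"] = not (findings["secret_env_vars"]
                              or findings["readable_sensitive_paths"]
                              or findings["network_egress"])
    return findings


if __name__ == "__main__":
    # Against the real environment the script is executed in.
    for key, value in run_checks(dict(os.environ), SENSITIVE_PATHS).items():
        print(f"{key}: {value}")
```

A failing check points at a concrete hardening step: scrub the container's environment, mount sensitive host paths read-denied, or tighten the egress network policy.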
