A tightly restricted execution environment which limits:

- Interaction with host system
- Interaction with files
- Interaction with other programs

Usually used for keeping specific applications from interfering with the operating system.

Examples:

- App Sandboxes
- Docker
- Cuckoo