SecureC

Inspiration

The inspiration for this project came from my desire to create a safe, isolated environment for running untrusted code, particularly in the context of C programming. As a computer science student, I often encounter challenges when working with potentially harmful or faulty code. I wanted to build something that would allow me to execute C code securely without risking the integrity of my system. This project was born out of a need for better security while testing and running user-submitted code in a controlled environment.

What it does

SecureC is a web-based application that allows users to upload C files, which are then compiled and executed within a custom-built sandbox. The sandbox enforces strict resource limits, such as CPU usage and memory consumption, to ensure that the code runs securely without affecting the underlying system. Users can view the compiled output, execution time, and status of their code, all through a simple and user-friendly web interface.

How I built it

I built the project using a combination of languages and frameworks:

C: Used for building the sandbox to securely compile and execute C code.
Python (Flask): The backend was developed with Flask, which communicates with the C-based sandbox to handle requests, compile code, and return output to the user.
HTML: Used for the frontend to create a clean and simple user interface for file uploads and displaying results.
GCC: GCC was used for compiling the uploaded C files.
AWS EC2: I deployed the application to Amazon EC2 for reliable hosting and access.

I integrated the Python backend with the C sandbox environment by executing C code via system calls in Python, ensuring that everything runs securely within resource limits. The Flask web interface handles the user interactions, while the C environment processes the uploaded code.

Challenges I ran into

Security Issues: Ensuring the sandbox was properly isolating the C code to prevent any potential system vulnerabilities was the biggest challenge. I had to implement thorough resource limits and ensure the environment was fully controlled.
Handling Edge Cases: It was difficult to account for edge cases like infinite loops or bad memory allocation. I had to implement mechanisms to gracefully handle such cases without crashing the system.
Integration Between C and Python: Integrating Python (Flask) with C for sandboxing posed a few challenges, especially when it came to ensuring seamless communication between the backend and the C execution environment.
Deployment: Deploying the project to AWS and configuring all the necessary software and networking settings took a considerable amount of time.
Mac Limitations: My Mac system had limitations in running an efficient sandbox environment. I had to create the sandbox from scratch rather than relying on built-in solutions, which added complexity to the project. This forced me to delve deeper into system-level programming to build a secure and functional sandbox.

Accomplishments that I'm proud of

I'm particularly proud of successfully creating the sandbox from scratch and ensuring that it provides a safe, isolated environment for running untrusted C code. The project also integrates multiple technologies — Python, C, AWS, and web development — and manages to deliver a seamless user experience. Additionally, handling edge cases like infinite loops and bad memory allocation was a major accomplishment.

Deploying the project to AWS EC2 was a significant milestone, as it made the project accessible to anyone with an internet connection. I’m also happy with the fact that users can upload, compile, and run their C code with full visibility of execution time and output, all within a secure environment.

What I learned

Through this project, I learned a great deal about system-level programming, security, and resource management. I also gained hands-on experience integrating different technologies such as Python (Flask), C, and AWS EC2. Additionally, I deepened my understanding of how to build secure sandbox environments, how to deal with edge cases like infinite loops, and how to implement proper error handling to avoid system crashes. This project gave me the opportunity to experiment with new approaches to integrating multiple programming languages and technologies into a cohesive application.

What's next for SecureC

Looking ahead, I plan to enhance SecureC by adding more features to the sandbox, such as support for other programming languages. I also plan to improve the error handling and performance optimizations for handling more complex code. Additionally, I would like to add support for saving the results of code execution, so users can track the performance of their code over time. Finally, I aim to refine the user interface to make it more interactive and user-friendly.

The ultimate goal is to provide a more robust and scalable solution for running untrusted code securely, and to continue learning more about system security, resource management, and full-stack development.

Built With

amazon-ec2
c
c++
flask
gunicorn
html
linux
mac
makefile
os
python
rest
sandbox
virtualenv

Submitted to

HackPrinceton Spring 2025

Created by

This project was developed entirely by me as a solo effort. I took on all aspects of the project, from the conception and design to the final deployment. My contribution includes the following key areas:

Sandbox Development (C): I created the core of the project — a custom-built C sandbox environment. This environment ensures that untrusted C code runs in isolation, with strict resource limits, such as CPU and memory restrictions, to prevent any harm to the underlying system. I developed the necessary system-level code to execute and monitor the compiled code in a safe manner.

Backend Development (Flask): I designed and implemented the backend of the project using Python and Flask. This involved creating endpoints for file upload, compiling C code, and securely executing it in the sandbox. I also handled the logic for returning output, execution time, and status to the user.

Frontend Development (HTML): I developed the web interface for the project using HTML. The interface allows users to upload their C files, view the results, and interact with the system in a straightforward way. I ensured that the UI was clean and simple, making it user-friendly.

Cloud Deployment (AWS EC2): I took responsibility for deploying the entire application on AWS EC2. This involved configuring the necessary cloud resources, setting up the environment, and ensuring that everything ran smoothly on a remote server for public access.

Security and Edge Case Handling: A significant portion of the work involved ensuring the project was secure, particularly by handling edge cases like infinite loops, memory allocation failures, and ensuring that the sandbox was properly isolated. I implemented resource limitations and error handling mechanisms to guarantee that the system would not be compromised by faulty code.

Integration: I integrated the C-based sandbox with the Python Flask backend, ensuring seamless communication between the two. This required an understanding of system-level programming and how to execute and capture the results of C code from within a web application.

Overall, this project represents a complete full-stack development effort, where I utilized my knowledge of C, Python, Flask, AWS, and security practices to build a working, secure solution for running untrusted code.

Prisha Priyadarshini

Updates

Prisha Priyadarshini started this project — Mar 29, 2025 11:08 PM EDT

Leave feedback in the comments!

Log in or sign up for Devpost to join the conversation.