Abstract: A service prevents attacks carried out through container escape for silo-based containers. A callback is registered for a function(s) that may be invoked from inside a container and returns an object handle(s). The callback, when triggered by invocation of the function(s), executes for determination of whether requests for access to objects via their handles are issued by suspicious processes. Access to CExecSvc.exe is restricted for processes that request a handle for CExecSvc.exe and are determined to be associated with a container themselves. Processes that escape their container through a technique that evades detection are also blocked from accessing the host system. When a process requests access to an object via invocation of a function that returns a handle, the callback executes for determination of whether the process but not the requested object is associated with a container, in which case the service restricts the process' access to the host system.

Abstract: A method for testing operation of a computer application. An emulator is provided to run on a development platform subject to limitations of multiple different target devices, the emulator including a set of emulator APIs corresponding to target Application Program Interfaces (APIs) available on the different target devices. A subset of the target APIs that are supported by one of the target devices is specified. Access by the emulator to the emulator APIs that correspond to one or more of the target APIs that are not in the specified subset is blocked. The application is run on the emulator subject to the blocked access.

Abstract: A method for testing operation of a computer application. An emulator is provided to run on a development platform subject to limitations of multiple different target devices, the emulator including a set of emulator APIs corresponding to target Application Program Interfaces (APIs) available on the different target devices. A subset of the target APIs that are supported by one of the target devices is specified. Access by the emulator to the emulator APIs that correspond to one or more of the target APIs that are not in the specified subset is blocked. The application is run on the emulator subject to the blocked access.