See Native Client sandbox.
The ISA-specific, OS-portable sandbox used by Native Client, created via an agreement between a code generator and the Native Client validator. It creates a domain of reduced privilege within the process that also contains the Native Client service runtime.
The redundant, OS-dependent sandbox that isolates a Native Client module at the process boundary.
The trusted infrastructure that implements the analog of a system-call interface for a Native Client module in terms of native local operating system facilities.