strict containment requires simulations of such a program, something theoretically (and practically) infeasible.
Sandboxing just requires that you be sure that the sandboxed entity can’t send bits outside the system (except on some defined channel, maybe), which is perfectly feasible.
In software, it’s trivial: create a subroutine with only a very specific output, include the entity inside it. Some precautions are then needed to prevent the entity from hacking out through hardware weaknesses, but that should be doable (using isolation in faraday cage if needed).
Sandboxing just requires that you be sure that the sandboxed entity can’t send bits outside the system (except on some defined channel, maybe), which is perfectly feasible.
Citation needed.
In software, it’s trivial: create a subroutine with only a very specific output, include the entity inside it. Some precautions are then needed to prevent the entity from hacking out through hardware weaknesses, but that should be doable (using isolation in faraday cage if needed).