Originally posted by Neo1:
This concept is sometimes known as a sandbox. One example of such a sandbox is a virtual machine; another is the sandbox used by Google Chrome/Chromium.
In your case, what I would do is make the host application a proxy between the operating system and the client application (this is pretty much what all sandboxes do at some level). What I mean by this is that it seems like you want some of the basic OS services available to the client application (input/output), so the host application defines an interface for these services that the client application may call. Then you can simply omit the functionality that you don't wish the client applications to have access to.
I'm not sure how to implement this, but what I do know is that if you want the security aspect of this to be bulletproof, you're gonna be spending a _lot_ of time on this project.
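
The proxy arrangement described in the post above, as an added example that is not part of the original post: a host-side broker in Python that exposes only an allowlisted set of services to the client. The operation names, the JSON request format and the size limit are assumptions made for the illustration, and it shows only the interface mediation, not the isolation of the client process.

```python
import json

def _deny(reason):
    return json.dumps({"ok": False, "error": reason})

class Broker:
    """Host-side proxy: a client can reach only the services registered here."""
    MAX_WRITE = 4096  # assumed per-call output limit

    def __init__(self, input_lines):
        self._input = list(input_lines)  # stands in for the host's input source
        self.output = []                 # stands in for the host's output sink
        # Allowlist: operation name -> (handler, required argument names/types)
        self._services = {"read_line": (self._read_line, {}),
                          "write": (self._write, {"text": str})}

    def _read_line(self):
        return self._input.pop(0) if self._input else None

    def _write(self, text):
        if len(text) > self.MAX_WRITE:
            raise ValueError("write too large")
        self.output.append(text)
        return len(text)

    def handle(self, raw):
        """Validate one serialized client request; return a serialized reply."""
        try:
            req = json.loads(raw)
            op, args = req["op"], req.get("args", {})
            if not isinstance(op, str) or op not in self._services:
                return _deny("unknown operation")  # omitted functionality
            handler, schema = self._services[op]
            if (not isinstance(args, dict) or set(args) != set(schema)
                    or any(not isinstance(args[k], t) for k, t in schema.items())):
                return _deny("bad arguments")
            return json.dumps({"ok": True, "result": handler(**args)})
        except (ValueError, KeyError, TypeError):
            return _deny("malformed request")

def demo():
    """Run constructed sample requests through the broker."""
    broker = Broker(["hello"])
    raw = ['{"op": "read_line"}',
           '{"op": "write", "args": {"text": "hi"}}',
           '{"op": "open_file", "args": {"path": "notes.txt"}}',  # never registered
           '{"op": "write", "args": {"text": 5}}', 'not json']
    return [json.loads(broker.handle(r)) for r in raw], broker.output
```

Because the client can only name operations, every capability it has is a key in `_services`; removing a service from the host's interface is a one-line change that fails closed.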