Maybe we need secure attestation for sandbox to be protected against compromised host :)

It does sound hard, and might need to employ homomorphic encryption with hw help for any memory access after code has been also verifiably unaltered through (uncompromised) hw attestation.