[mopierotti]

I know this is about ruby, but it's worth noting that this kind of thing would be solved by effect systems, e.g. Haskell's IO type. If IO isn't part of the signature, you know it's cpu only. Furthermore, you can get more specific such as having a DB type to indicate some code only has access to databases rather than the internet as a whole.

[kibwen]

I think you'd also need to prevent things like unsafePerformIO, and equivalent loopholes.

[fasterdom]

While that might be true, you are not going to switch the world to program in Haskell.

We need a solution which also works for most used languages, JS/C++/Java/Python..., which suggests that it should be done at a higher level, maybe with OS involvement somehow.

[EmpirePhoenix]

Java actually has a pretty useful and powerful securitymanager concept, that nearly noone uses :/