When dealing with dynamic component environments such as the OSGi Service Platform, where components can come from different sources and may be known only during runtime, evaluating third party components trustworthiness at runtime is difficult. The traditional namespace based isolation and the security mechanisms provided in the Java platform (the base platform for OSGi) can restrict the access of such components but can not provide fault isolation. In this paper we present a dynamic component isolation approach for the OSGi platform, based on a recently standardized Java mechanism. When an untrusted component is activated during runtime, it is isolated in a fault contained environment but it can still collaborate with the application. If it is observed that the untrusted code does not bring any threat to the application, at runtime it can be dynamically promoted to the safe environment. Tests have been performed in a controlled environment where misbehaving components hosted in the s...