There are a few different possibilities, depending on how much isolation you want.
The easiest is to simply trust the code. It looks like that is out of the question for you, or you wouldn't be asking this.
The next step up is to run the code on a separate user account, as Vigneshwaren suggested. If you want to restrict network access specifically for a particular user account, that can be accomplished through iptables owner matching. When done, the user account can be left around or deleted, and any processes running as that user can be killed outright.
One more step up is to add a chroot jail to the separate user account. This can cause trouble with libraries or configuration files that need to be in place, but if it's e.g. a pure number-crunching exercise, it can be practical. It ensures that only the files you want the students' code to be able to access are accessible to that code.
The final step would be to execute the code in a completely separate environment. Think virtual machine, here, although a separate physical computer could accomplish the same thing. The code can execute in a completely isolated environment, including with the virtual network cable unplugged, and any damage it could possibly do, including filling up the disk or fork-bombing, will be isolated within the virtual machine and the worst that might happen is that you need to forcibly turn it off. Since the VM will have a completely separate OS installation, especially if you remove the network connection before running the software, this cannot possibly leak any of your sensitive data. With a VM, you can use disk snapshots to allow you to quickly and easily return to a known state after running each student's program.
It all depends on where on the effort-versus-trust-needed scale you place your students. Less trust requires more effort on your part to make sure nothing bad happens.
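The separate-account option with iptables owner matching, sketched as an added example that is not part of the original answer. The account name, submission path and time limit are constructed, the script assumes the program is readable by the new account, and by default it only prints the commands (set `DRY_RUN=0` and run as root to apply them).

```shell
#!/usr/bin/env bash
# Added example: throwaway account + iptables owner match for untrusted code.
# DRY_RUN=1 (default) only prints each command; DRY_RUN=0 executes it (needs root).
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Reject every packet generated by the account's processes (IPv4 and IPv6).
# $1 = -I (insert ahead of any existing ACCEPT rule) or -D (delete), $2 = account
net_rules() {
    run iptables  "$1" OUTPUT -m owner --uid-owner "$2" -j REJECT
    run ip6tables "$1" OUTPUT -m owner --uid-owner "$2" -j REJECT
}

# Kill whatever the submission left running, drop the rules, delete the account.
teardown() {
    run pkill -KILL -u "$1" || true   # pkill exits 1 when nothing matched
    net_rules -D "$1"
    run userdel -r "$1"
}

# Create the account, cut its network access, run one program, then clean up.
# $1 = account name, $2 = program, $3 = wall-clock limit in seconds (default 60)
grade_one() {
    local user="$1" prog="$2" limit="${3:-60}" status=0
    case "$user" in
        ''|*[!a-z0-9_-]*) echo "refusing odd account name: $user" >&2; return 2 ;;
    esac
    # If the account already exists, useradd fails and nothing is torn down.
    run useradd -m "$user" || return 1
    net_rules -I "$user"
    run timeout -k 5 "$limit" sudo -u "$user" -- "$prog" || status=$?
    teardown "$user"
    return "$status"
}

# Constructed demonstration: print the plan for one submission.
grade_one student-sandbox /srv/submissions/alice/a.out 30
```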