Chrome OS Security: Initial Impressions
There is much developers can do to build a secure operating system when limits are set on what devices are supported, and there's no regard for compatibility with all types of software applications. I'm sure it's a luxury some software designers in Redmond and Cupertino certainly envy. But that's the clean shot Google has with its new Chrome OS.
November 20, 2009
There is much developers can do to build a secure operating system when limits are set on what devices are supported, and there's no regard for compatibility with all types of software applications. I'm sure it's a luxury some software designers in Redmond and Cupertino certainly envy. But that's the clean shot Google has with its new Chrome OS.In case you missed it, Google had made a big splash with Chrome OS yesterday. InformationWeek's Thomas Claburn covered it here and here.
Chrome OS is more specialized of an operating system than you're probably ever used on a PC. In fact, it's not designed for general use PCs, it's designed for Web devices. And it seems Chrome OS will only be available on the devices of its hardware partners, and will only run Web applications. As I understand the way it is now, users will not be able to install software on Chrome OS systems. There is either a Web application, or no application available for you.
With that focus, the benefits will certainly be speed and security. The drawbacks will be a significant loss of flexibility. For the near future, Chrome OS will live up to its promise and be useful primarily as a second PC for most people.
The Chrome OS will be hardened through a number of approaches, such as "process sandboxing." When sandboxed, every process will run in its own segment of memory. The idea is that, if that application is comprised, that compromise is limited to that specific application. Exploits, such of those made possible by buffer overflows, will be mitigated through things like No execute (NX) and Address Space Layout Randomization (ASLR).
Also, the root partition will be read-only, and user home directories won't be allowed to have executables, privileged executables, or device nodes. Locally stored user data will be encrypted.
Chrome OS will also employ something it's calling "Verified boot." Essentially, the kernel will validated that it hasn't been changed as it boots through cryptographic keys stored in firmware.
No new security concepts listed there, but being utilized in a limited, Web-only operating system certainly is new. And this should change the tactics attackers will use to grab data and infect systems.
One aspect of Chrome OS, as I learn its planned security capabilities, that opened by eyes is this rather proactive monitoring of operating system processes by Google. From Google's Security Overview document of Chrome OS:
"Rendering pwned devices useless
We do not intend to brick devices that we believe to be hacked. If we can reliably detect this state on the client, we should just initiate an update and reboot. We could try to leverage the abuse detection and mitigation mechanisms in the Google services that people are using from their Chromium OS devices, but it seems more scalable to allow each service to continue handling these problems on its own.
"
This strikes me as quite draconian. You can make a city, or even an entire country, very secure by taking a zero-tolerance approach to crime and living under marshal law. But not everyone would find the trade off for that level of "safety" worthwhile.
As someone who has tracked IT security for years, it's fascinating to watch how a company with the resources and capabilities of Google approaches operating system and application security when it has such a green field starting point. With Chrome OS, Google has a luxury Microsoft does not: it doesn't have to support legacy, on-premise installed software or hardware. And the company can choose the hardware on which it runs.
Malware will certainly have a tougher time running on Chrome OS, than any version of Windows, Linux, or OS X. Though it won't make viruses and Trojans extinct, it could force them to evolve.
Yet, it doesn't strike me as a computing experience I'd be interested. For instance, I enjoy using my MacBook Air as primarily as Web surfing and application device - but there are a few dozen applications installed on the Air that I just won't give up - along with the power and flexibility to install any application of choice.
For my security and technology observations throughout the day, consider following me on Twitter.
About the Author
You May Also Like