Inside the Google Chrome OS security model

Summary: Google will use a combination of system hardening, process isolation, verified boot, secure auto-update and encryption to thwart malicious hackers from attacking its new Google Chrome OS.

Google plans to use a combination of system hardening, process isolation, verified boot, secure auto-update and encryption to thwart malicious hackers from planting malware on its new Google Chrome OS.

Much like the Google Chrome browser, the operating system will use process sandboxing as the key weapon in a series of anti-exploitation mitigations and attack surface reduction techniques.  The end goal is to recover from a successful compromise by simply applying an update and rebooting the infected machine.


The operating system borrows much of its security posture from the Chrome browser and, at first glance, resembles the security model used by Apple to secure its iPhone device.

"It's like the iPhone for your netbook. It will be very tough to break into," said one prominent security researcher who read the document.

Here's how Google plans to harden the OS to reduce the likelihood of a successful attack and to reduce the usefulness of successful user-level exploits.

  • Process sandboxing
    • Mandatory access control implementation that limits resource, process, and kernel interactions
    • Control group device filtering and resource abuse constraint
    • Chrooting and process namespacing for reducing resource and cross-process attack surfaces
    • Media device interposition to reduce direct kernel interface access from Chromium browser and plugin processes

  • Toolchain hardening to limit exploit reliability and success
    • NX, ASLR, stack cookies, etc.

  • Kernel hardening and configuration paring
  • Additional file system restrictions
    • Read-only root partition
    • tmpfs-based /tmp
    • User home directories that can't have executables, privileged executables, or device nodes

  • Longer term, additional system enhancements will be pursued, like driver sandboxing

In the short term, Google Chromium OS will look to thwart an "opportunistic adversary" who is attempting to compromise an individual user's machine and/or data.

On the Web side, Google Chrome OS will use a modular browser with sandboxing and process isolation to limit malware attacks:

Phishing, XSS, and other web-based exploits are no more of an issue for Chromium OS systems than they are for Chromium browsers on other platforms.  The only JavaScript APIs used in web applications on Chromium OS devices will be the same HTML5 and Open Web Platform APIs that are being deployed in Chromium browsers everywhere.  As the browser goes, so will we.


The new OS will also be fitted with a secure auto-update system:

  • Signed updates are downloaded over SSL.
  • Version numbers of updates can't go backwards.
  • The integrity of each update is verified on subsequent boot, using our Verified Boot process, described below.
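The three update rules above, as an added example that is not Chrome OS's own updater code: a small Go verifier that rejects an update whose manifest signature fails, whose version does not exceed the installed one, or whose payload hash does not match. Ed25519 and the manifest layout are assumptions for the example (the page does not name the signature scheme or format), the key pair is constructed, and the payload hash is checked here at download time rather than on the next boot as the page describes.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

type Manifest struct {
	Version     uint64   // must exceed the installed version
	PayloadHash [32]byte // SHA-256 of the update payload
	Signature   []byte   // Ed25519 signature over Version||PayloadHash
}

func signedBytes(version uint64, hash [32]byte) []byte { // exactly what the signature covers
	return append(binary.BigEndian.AppendUint64(nil, version), hash[:]...)
}

// SignManifest models the update server, which holds the private key.
func SignManifest(priv ed25519.PrivateKey, version uint64, payload []byte) Manifest {
	h := sha256.Sum256(payload)
	return Manifest{version, h, ed25519.Sign(priv, signedBytes(version, h))}
}

var ErrBadSignature, ErrRollback, ErrBadPayload = errors.New("manifest signature invalid"),
	errors.New("version not newer than installed version"), errors.New("payload hash mismatch")

// VerifyUpdate checks the signature first (so unsigned data never steers later checks), then anti-rollback, then integrity.
func VerifyUpdate(pub ed25519.PublicKey, installed uint64, m Manifest, payload []byte) error {
	if !ed25519.Verify(pub, signedBytes(m.Version, m.PayloadHash), m.Signature) {
		return ErrBadSignature
	}
	if m.Version <= installed {
		return ErrRollback
	}
	if sha256.Sum256(payload) != m.PayloadHash {
		return ErrBadPayload
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed vendor key pair
	m := SignManifest(priv, 5, []byte("constructed payload"))
	fmt.Println(VerifyUpdate(pub, 4, m, []byte("constructed payload"))) // prints <nil>
}
```

The order of the checks matters: a client that compared versions before verifying the signature would let an unsigned manifest decide whether anything is installed at all.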

On the data protection front, Google says users shouldn't need to worry about the privacy of their data if they forget their device in a coffee shop or share it with their family members.  This will be done by ensuring the data is unreadable except when it is in use by its rightful owner.

Here's how that will work:

  • Each user has his own encrypted store.
  • All user data stored by the operating system, browser, and any plugins are encrypted.
  • Users cannot access each other's data on a shared device.
  • The system does not protect against attacks while a user is logged in.
  • The system will attempt to protect against memory extraction (cold boot) attacks when additional hardware support arrives.
  • The system does not protect against root file system tampering by a dedicated attacker (verified boot helps there).

In this video, security engineer Will Drewry discusses Google's mindset around securing Chrome OS:

* Google Chromium security review.


About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio
