Much like the Google Chrome browser, the operating system will use process sandboxing as the key weapon in a series of anti-exploitation mitigations and attack surface reduction techniques. The end goal is to recover from a successful compromise by simply applying an update and rebooting the infected machine.
[ SEE: Google Chrome browser, the security tidbits ]
The operating system borrows much of its security posture from the Chrome browser and, at first glance, resembles the security model used by Apple to secure its iPhone device.
"It's like the iPhone for your netbook. It will be very tough to break into," said one prominent security researcher who read the document.
Here's how Google plans to harden the OS to reduce the likelihood of successful attack and reduces the usefulness of successful user-level exploits.
In the short term, Google Chromium OS will look to thwart an "opportunistic adversary" who is attempting to compromise an individual user's machine and/or data.
On the Web side, Google Chrome OS will use a modular browser with sandboxing and process isolation to limit malware attacks:
[ SEE: Google's Chrome OS: Will you give up desktop apps? ]
The new OS will also be fitted with a secure auto-update system:
On the data protection front, Google says users shouldn't need to worry about the privacy of their data if they forget their device in a coffee shop or share it with their family members. This will be done by ensuring the data is unreadable except when it is in use by its rightful owner.
Here's how that will work:
In this video, security engineer Will Drewry discusses Google's mindset around securing Chrome OS:
* Google Chromium security review.
More Google Chrome OS coverage: