Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

11/20/2009
04:15 PM
George V. Hulme
George V. Hulme
Commentary
50%
50%

Chrome OS Security: Initial Impressions

There is much developers can do to build a secure operating system when limits are set on what devices are supported, and there's no regard for compatibility with all types of software applications. I'm sure it's a luxury some software designers in Redmond and Cupertino certainly envy. But that's the clean shot Google has with its new Chrome OS.

There is much developers can do to build a secure operating system when limits are set on what devices are supported, and there's no regard for compatibility with all types of software applications. I'm sure it's a luxury some software designers in Redmond and Cupertino certainly envy. But that's the clean shot Google has with its new Chrome OS.In case you missed it, Google had made a big splash with Chrome OS yesterday. InformationWeek's Thomas Claburn covered it here and here.

Chrome OS is more specialized of an operating system than you're probably ever used on a PC. In fact, it's not designed for general use PCs, it's designed for Web devices. And it seems Chrome OS will only be available on the devices of its hardware partners, and will only run Web applications. As I understand the way it is now, users will not be able to install software on Chrome OS systems. There is either a Web application, or no application available for you.

With that focus, the benefits will certainly be speed and security. The drawbacks will be a significant loss of flexibility. For the near future, Chrome OS will live up to its promise and be useful primarily as a second PC for most people.

The Chrome OS will be hardened through a number of approaches, such as "process sandboxing." When sandboxed, every process will run in its own segment of memory. The idea is that, if that application is comprised, that compromise is limited to that specific application. Exploits, such of those made possible by buffer overflows, will be mitigated through things like No execute (NX) and Address Space Layout Randomization (ASLR).

Also, the root partition will be read-only, and user home directories won't be allowed to have executables, privileged executables, or device nodes. Locally stored user data will be encrypted.

Chrome OS will also employ something it's calling "Verified boot." Essentially, the kernel will validated that it hasn't been changed as it boots through cryptographic keys stored in firmware.

No new security concepts listed there, but being utilized in a limited, Web-only operating system certainly is new. And this should change the tactics attackers will use to grab data and infect systems.

One aspect of Chrome OS, as I learn its planned security capabilities, that opened by eyes is this rather proactive monitoring of operating system processes by Google. From Google's Security Overview document of Chrome OS:

Rendering pwned devices useless

We do not intend to brick devices that we believe to be hacked. If we can reliably detect this state on the client, we should just initiate an update and reboot. We could try to leverage the abuse detection and mitigation mechanisms in the Google services that people are using from their Chromium OS devices, but it seems more scalable to allow each service to continue handling these problems on its own.

This strikes me as quite draconian. You can make a city, or even an entire country, very secure by taking a zero-tolerance approach to crime and living under marshal law. But not everyone would find the trade off for that level of "safety" worthwhile.

As someone who has tracked IT security for years, it's fascinating to watch how a company with the resources and capabilities of Google approaches operating system and application security when it has such a green field starting point. With Chrome OS, Google has a luxury Microsoft does not: it doesn't have to support legacy, on-premise installed software or hardware. And the company can choose the hardware on which it runs.

Malware will certainly have a tougher time running on Chrome OS, than any version of Windows, Linux, or OS X. Though it won't make viruses and Trojans extinct, it could force them to evolve.

Yet, it doesn't strike me as a computing experience I'd be interested. For instance, I enjoy using my MacBook Air as primarily as Web surfing and application device - but there are a few dozen applications installed on the Air that I just won't give up - along with the power and flexibility to install any application of choice.

For my security and technology observations throughout the day, consider following me on Twitter.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
US Formally Attributes SolarWinds Attack to Russian Intelligence Agency
Jai Vijayan, Contributing Writer,  4/15/2021
News
Dependency Problems Increase for Open Source Components
Robert Lemos, Contributing Writer,  4/14/2021
News
FBI Operation Remotely Removes Web Shells From Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/14/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: "Elon, I think our cover's been blown."
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-31607
PUBLISHED: 2021-04-23
In SaltStack Salt 2016.9 through 3002.6, a command injection vulnerability exists in the snapper module that allows for local privilege escalation on a minion. The attack requires that a file is created with a pathname that is backed up by snapper, and that the master calls the snapper.diff function...
CVE-2021-31597
PUBLISHED: 2021-04-23
The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js. In other words, no certificate is ever rejected.
CVE-2021-2296
PUBLISHED: 2021-04-22
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromi...
CVE-2021-2297
PUBLISHED: 2021-04-22
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.20. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromi...
CVE-2021-2298
PUBLISHED: 2021-04-22
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.23 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attac...