Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

11/20/2009
04:15 PM
George V. Hulme
George V. Hulme
Commentary
50%
50%

Chrome OS Security: Initial Impressions

There is much developers can do to build a secure operating system when limits are set on what devices are supported, and there's no regard for compatibility with all types of software applications. I'm sure it's a luxury some software designers in Redmond and Cupertino certainly envy. But that's the clean shot Google has with its new Chrome OS.

There is much developers can do to build a secure operating system when limits are set on what devices are supported, and there's no regard for compatibility with all types of software applications. I'm sure it's a luxury some software designers in Redmond and Cupertino certainly envy. But that's the clean shot Google has with its new Chrome OS.In case you missed it, Google had made a big splash with Chrome OS yesterday. InformationWeek's Thomas Claburn covered it here and here.

Chrome OS is more specialized of an operating system than you're probably ever used on a PC. In fact, it's not designed for general use PCs, it's designed for Web devices. And it seems Chrome OS will only be available on the devices of its hardware partners, and will only run Web applications. As I understand the way it is now, users will not be able to install software on Chrome OS systems. There is either a Web application, or no application available for you.

With that focus, the benefits will certainly be speed and security. The drawbacks will be a significant loss of flexibility. For the near future, Chrome OS will live up to its promise and be useful primarily as a second PC for most people.

The Chrome OS will be hardened through a number of approaches, such as "process sandboxing." When sandboxed, every process will run in its own segment of memory. The idea is that, if that application is comprised, that compromise is limited to that specific application. Exploits, such of those made possible by buffer overflows, will be mitigated through things like No execute (NX) and Address Space Layout Randomization (ASLR).

Also, the root partition will be read-only, and user home directories won't be allowed to have executables, privileged executables, or device nodes. Locally stored user data will be encrypted.

Chrome OS will also employ something it's calling "Verified boot." Essentially, the kernel will validated that it hasn't been changed as it boots through cryptographic keys stored in firmware.

No new security concepts listed there, but being utilized in a limited, Web-only operating system certainly is new. And this should change the tactics attackers will use to grab data and infect systems.

One aspect of Chrome OS, as I learn its planned security capabilities, that opened by eyes is this rather proactive monitoring of operating system processes by Google. From Google's Security Overview document of Chrome OS:

Rendering pwned devices useless

We do not intend to brick devices that we believe to be hacked. If we can reliably detect this state on the client, we should just initiate an update and reboot. We could try to leverage the abuse detection and mitigation mechanisms in the Google services that people are using from their Chromium OS devices, but it seems more scalable to allow each service to continue handling these problems on its own.

This strikes me as quite draconian. You can make a city, or even an entire country, very secure by taking a zero-tolerance approach to crime and living under marshal law. But not everyone would find the trade off for that level of "safety" worthwhile.

As someone who has tracked IT security for years, it's fascinating to watch how a company with the resources and capabilities of Google approaches operating system and application security when it has such a green field starting point. With Chrome OS, Google has a luxury Microsoft does not: it doesn't have to support legacy, on-premise installed software or hardware. And the company can choose the hardware on which it runs.

Malware will certainly have a tougher time running on Chrome OS, than any version of Windows, Linux, or OS X. Though it won't make viruses and Trojans extinct, it could force them to evolve.

Yet, it doesn't strike me as a computing experience I'd be interested. For instance, I enjoy using my MacBook Air as primarily as Web surfing and application device - but there are a few dozen applications installed on the Air that I just won't give up - along with the power and flexibility to install any application of choice.

For my security and technology observations throughout the day, consider following me on Twitter.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/2/2020
Ripple20 Threatens Increasingly Connected Medical Devices
Kelly Sheridan, Staff Editor, Dark Reading,  6/30/2020
DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
Dark Reading Staff 6/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9498
PUBLISHED: 2020-07-02
Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a userconnects to a malicious or compromised RDP server, a series ofspecially-crafted PDUs could result in memory corruption, possiblyallowing arbitrary code to be executed...
CVE-2020-3282
PUBLISHED: 2020-07-02
A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attack...
CVE-2020-5909
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified.
CVE-2020-5910
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized.
CVE-2020-5911
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL On Debian/Ubuntu system.