Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

11/20/2009
04:15 PM
George V. Hulme
George V. Hulme
Commentary
50%
50%

Chrome OS Security: Initial Impressions

There is much developers can do to build a secure operating system when limits are set on what devices are supported, and there's no regard for compatibility with all types of software applications. I'm sure it's a luxury some software designers in Redmond and Cupertino certainly envy. But that's the clean shot Google has with its new Chrome OS.

There is much developers can do to build a secure operating system when limits are set on what devices are supported, and there's no regard for compatibility with all types of software applications. I'm sure it's a luxury some software designers in Redmond and Cupertino certainly envy. But that's the clean shot Google has with its new Chrome OS.In case you missed it, Google had made a big splash with Chrome OS yesterday. InformationWeek's Thomas Claburn covered it here and here.

Chrome OS is more specialized of an operating system than you're probably ever used on a PC. In fact, it's not designed for general use PCs, it's designed for Web devices. And it seems Chrome OS will only be available on the devices of its hardware partners, and will only run Web applications. As I understand the way it is now, users will not be able to install software on Chrome OS systems. There is either a Web application, or no application available for you.

With that focus, the benefits will certainly be speed and security. The drawbacks will be a significant loss of flexibility. For the near future, Chrome OS will live up to its promise and be useful primarily as a second PC for most people.

The Chrome OS will be hardened through a number of approaches, such as "process sandboxing." When sandboxed, every process will run in its own segment of memory. The idea is that, if that application is comprised, that compromise is limited to that specific application. Exploits, such of those made possible by buffer overflows, will be mitigated through things like No execute (NX) and Address Space Layout Randomization (ASLR).

Also, the root partition will be read-only, and user home directories won't be allowed to have executables, privileged executables, or device nodes. Locally stored user data will be encrypted.

Chrome OS will also employ something it's calling "Verified boot." Essentially, the kernel will validated that it hasn't been changed as it boots through cryptographic keys stored in firmware.

No new security concepts listed there, but being utilized in a limited, Web-only operating system certainly is new. And this should change the tactics attackers will use to grab data and infect systems.

One aspect of Chrome OS, as I learn its planned security capabilities, that opened by eyes is this rather proactive monitoring of operating system processes by Google. From Google's Security Overview document of Chrome OS:

Rendering pwned devices useless

We do not intend to brick devices that we believe to be hacked. If we can reliably detect this state on the client, we should just initiate an update and reboot. We could try to leverage the abuse detection and mitigation mechanisms in the Google services that people are using from their Chromium OS devices, but it seems more scalable to allow each service to continue handling these problems on its own.

This strikes me as quite draconian. You can make a city, or even an entire country, very secure by taking a zero-tolerance approach to crime and living under marshal law. But not everyone would find the trade off for that level of "safety" worthwhile.

As someone who has tracked IT security for years, it's fascinating to watch how a company with the resources and capabilities of Google approaches operating system and application security when it has such a green field starting point. With Chrome OS, Google has a luxury Microsoft does not: it doesn't have to support legacy, on-premise installed software or hardware. And the company can choose the hardware on which it runs.

Malware will certainly have a tougher time running on Chrome OS, than any version of Windows, Linux, or OS X. Though it won't make viruses and Trojans extinct, it could force them to evolve.

Yet, it doesn't strike me as a computing experience I'd be interested. For instance, I enjoy using my MacBook Air as primarily as Web surfing and application device - but there are a few dozen applications installed on the Air that I just won't give up - along with the power and flexibility to install any application of choice.

For my security and technology observations throughout the day, consider following me on Twitter.

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
NSA Appoints Rob Joyce as Cyber Director
Dark Reading Staff 1/15/2021
Vulnerability Management Has a Data Problem
Tal Morgenstern, Co-Founder & Chief Product Officer, Vulcan Cyber,  1/14/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This is not what I meant by "I would like to share some desk space"
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-28452
PUBLISHED: 2021-01-20
This affects the package com.softwaremill.akka-http-session:core_2.12 from 0 and before 0.6.1; all versions of package com.softwaremill.akka-http-session:core_2.11; the package com.softwaremill.akka-http-session:core_2.13 from 0 and before 0.6.1. CSRF protection can be bypassed by forging a request ...
CVE-2020-28483
PUBLISHED: 2021-01-20
This affects all versions of package github.com/gin-gonic/gin. When gin is exposed directly to the internet, a client's IP can be spoofed by setting the X-Forwarded-For header.
CVE-2021-21269
PUBLISHED: 2021-01-20
Keymaker is a Mastodon Community Finder based Matrix Community serverlist page Server. In Keymaker before version 0.2.0, the assets endpoint did not check for the extension. The rust `join` method without checking user input might have made it abe to do a Path Traversal attack causing to read more f...
CVE-2020-25686
PUBLISHED: 2021-01-20
A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same...
CVE-2020-25687
PUBLISHED: 2021-01-20
A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. This flaw allows a remote attacker, who can create valid DNS replies, to cause an overflow in a heap-allocated memory. This...