Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

11/20/2009
04:15 PM
George V. Hulme
George V. Hulme
Commentary
50%
50%

Chrome OS Security: Initial Impressions

There is much developers can do to build a secure operating system when limits are set on what devices are supported, and there's no regard for compatibility with all types of software applications. I'm sure it's a luxury some software designers in Redmond and Cupertino certainly envy. But that's the clean shot Google has with its new Chrome OS.

There is much developers can do to build a secure operating system when limits are set on what devices are supported, and there's no regard for compatibility with all types of software applications. I'm sure it's a luxury some software designers in Redmond and Cupertino certainly envy. But that's the clean shot Google has with its new Chrome OS.In case you missed it, Google had made a big splash with Chrome OS yesterday. InformationWeek's Thomas Claburn covered it here and here.

Chrome OS is more specialized of an operating system than you're probably ever used on a PC. In fact, it's not designed for general use PCs, it's designed for Web devices. And it seems Chrome OS will only be available on the devices of its hardware partners, and will only run Web applications. As I understand the way it is now, users will not be able to install software on Chrome OS systems. There is either a Web application, or no application available for you.

With that focus, the benefits will certainly be speed and security. The drawbacks will be a significant loss of flexibility. For the near future, Chrome OS will live up to its promise and be useful primarily as a second PC for most people.

The Chrome OS will be hardened through a number of approaches, such as "process sandboxing." When sandboxed, every process will run in its own segment of memory. The idea is that, if that application is comprised, that compromise is limited to that specific application. Exploits, such of those made possible by buffer overflows, will be mitigated through things like No execute (NX) and Address Space Layout Randomization (ASLR).

Also, the root partition will be read-only, and user home directories won't be allowed to have executables, privileged executables, or device nodes. Locally stored user data will be encrypted.

Chrome OS will also employ something it's calling "Verified boot." Essentially, the kernel will validated that it hasn't been changed as it boots through cryptographic keys stored in firmware.

No new security concepts listed there, but being utilized in a limited, Web-only operating system certainly is new. And this should change the tactics attackers will use to grab data and infect systems.

One aspect of Chrome OS, as I learn its planned security capabilities, that opened by eyes is this rather proactive monitoring of operating system processes by Google. From Google's Security Overview document of Chrome OS:

Rendering pwned devices useless

We do not intend to brick devices that we believe to be hacked. If we can reliably detect this state on the client, we should just initiate an update and reboot. We could try to leverage the abuse detection and mitigation mechanisms in the Google services that people are using from their Chromium OS devices, but it seems more scalable to allow each service to continue handling these problems on its own.

This strikes me as quite draconian. You can make a city, or even an entire country, very secure by taking a zero-tolerance approach to crime and living under marshal law. But not everyone would find the trade off for that level of "safety" worthwhile.

As someone who has tracked IT security for years, it's fascinating to watch how a company with the resources and capabilities of Google approaches operating system and application security when it has such a green field starting point. With Chrome OS, Google has a luxury Microsoft does not: it doesn't have to support legacy, on-premise installed software or hardware. And the company can choose the hardware on which it runs.

Malware will certainly have a tougher time running on Chrome OS, than any version of Windows, Linux, or OS X. Though it won't make viruses and Trojans extinct, it could force them to evolve.

Yet, it doesn't strike me as a computing experience I'd be interested. For instance, I enjoy using my MacBook Air as primarily as Web surfing and application device - but there are a few dozen applications installed on the Air that I just won't give up - along with the power and flexibility to install any application of choice.

For my security and technology observations throughout the day, consider following me on Twitter.

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Why Vulnerable Code Is Shipped Knowingly
Chris Eng, Chief Research Officer, Veracode,  11/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-16123
PUBLISHED: 2020-12-04
An Ubuntu-specific patch in PulseAudio created a race condition where the snap policy module would fail to identify a client connection from a snap as coming from a snap if SCM_CREDENTIALS were missing, allowing the snap to connect to PulseAudio without proper confinement. This could be exploited by...
CVE-2018-21270
PUBLISHED: 2020-12-03
Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream (when using Node.js 4.x).
CVE-2020-26248
PUBLISHED: 2020-12-03
In the PrestaShop module "productcomments" before version 4.2.1, an attacker can use a Blind SQL injection to retrieve data or stop the MySQL service. The problem is fixed in 4.2.1 of the module.
CVE-2020-29529
PUBLISHED: 2020-12-03
HashiCorp go-slug before 0.5.0 does not address attempts at directory traversal involving ../ and symlinks.
CVE-2020-29534
PUBLISHED: 2020-12-03
An issue was discovered in the Linux kernel before 5.9.3. io_uring takes a non-refcounted reference to the files_struct of the process that submitted a request, causing execve() to incorrectly optimize unshare_fd(), aka CID-0f2122045b94.