Introduction To Operating System Security In Chromium Os Computer Science Essay
Operating systems are a field of computer science that sees major changes, as it has to keep up with user demands and advancements in technology. Cloud computing is one such development, and it has changed the architecture and concept of the operating system. People in this era live on the internet, and the time wasted waiting for the operating system to boot is the main reason behind the development of cloud-based operating systems. Google has come up with an operating system based on this concept. Google Chrome OS is a Linux-based operating system developed for people who spend much of their time working inside a browser. The web has evolved from text pages to rich, interactive applications, so people do not actually need a browser but a modern platform for web pages and applications, which is what Chromium OS provides. Chromium OS is very fast and simple, and is designed to provide a new level of security, which is the main feature of this operating system. It uses a technique called ‘Process sandboxing’ to provide high security. Google has completely redesigned the security architecture of the OS so that the user doesn’t have to deal with viruses, malware and security updates.
Introduction
Cloud computing is the future: everything is moving into the cloud, and so is the operating system. There are many operating systems based on cloud computing, such as Eye OS, Amoeba OS, Corneli OS, and Lucid Desktop. Google also came up with its own version of this kind of operating system in July 2009, named Google Chrome OS.
Google provides the open source version of the operating system as ‘The Chromium OS’, which can be downloaded from the internet and is used primarily by developers to check out, modify and build. Google Chrome OS is the product owned by Google and developed by Google's developers. In other words, Google Chrome OS is supported by Google and its partners; Chromium OS is supported by the open source community. The two projects fundamentally share the same code base [1].
Features of the Chromium Operating System:
Speed : The main feature of this operating system is its enormous speed. It takes only a few seconds to restart or turn off. It takes only 5 seconds to boot up, and Google is trying to reduce this further.
Simplicity : The operating system is child’s play to operate; even a small child can use it competently. It is simpler to use than Linux, as it shares the same interface as the Chrome browser.
High Security : The main and most important feature of this OS is its security level. It uses the ‘Process sandboxing’ technique to provide high security. Chromium OS security strives to protect against an opportunistic adversary through a combination of system hardening, process isolation, continued web security improvements in Chromium, secure autoupdate, verified boot, encryption, and intuitive account management [2].
Virus Free : Another important feature of Chromium OS is that it will reboot itself if any malware or corrupt programs are detected while booting up, thus providing a virus-free environment to work in.
Guiding Principles for Security
Chrome OS has a number of security features, among them process isolation, secure autoupdate, verified boot, encryption and more. Google's main goal is to make the system secure and easy to use. It followed four guiding principles to achieve this goal.
The perfect is the enemy of the good – According to Google, no security solution can ever be perfect; unanticipated problems are always there, for instance due to unexpected interactions of complex systems or because of bugs that weren’t caught during testing. Google believes that the “search for some mythical perfect system should not stop them from shipping something that is still very good”[3].
Deploy defenses in depth – As a result of the first guideline, Chrome OS will employ several different lines of defense. Chrome OS will make it hard for attackers to get into the system, but Google still assumes they will. As such, the next line of defense will make it very hard for attackers to turn a user account exploit into a root or kernel exploit. As a last line of defense, Chrome OS will make it hard for attackers to remain on the system by preventing them from adding services or accounts to the system, and by making it impossible to re-compromise the system after a reboot[3].
Make it secure by default – Google states that security is not an option, nor is it an advanced feature. “Until now, the security community has had to deploy solutions that cope with arbitrary software running on users’ machines,” Google claims, “As a result, these solutions have often cost the user in terms of system performance or ease-of-use.” Google explains that because they know which software should be running on a Chrome OS device, they can better keep the system safe[3].
Don’t scapegoat our users – This is one that I particularly like. Google states that the web is a complicated system of complex overlapping standards, and that it is no surprise that users have trouble keeping their machine safe while using it. Google clearly states that this is not the user’s fault. “We’re working to figure out the right signals to send our users, so that we can keep them informed, ask fewer questions, require them to make decisions only about things they comprehend, and be sure that we fail-safe if they don’t understand a choice and just want to click and make it go away,” the company says[3].
Software Architecture
Fig. 1 : Firmware of Chromium OS [4].
The Linux kernel sits above the firmware, which is the base of Chromium OS. The firmware plays an important role in Chromium OS’s high security and fast boot-up. Unnecessary components are removed from the hardware, which helps the system boot quickly, and support is added to verify the firmware every time the system boots, which improves security because the firmware may become corrupt. Support for system recovery is also built into the firmware itself.
The functionality of Firmware :
System Recovery : If the system gets corrupted or damaged, the recovery firmware can re-install the operating system.
Verified Boot : Every time the system boots, the OS checks the version of the firmware and updates it if any update is available.
Fast Boot : A fast boot path is provided by removing complexities from the firmware to achieve speed.
In a conventional operating system, the boot loader holds the basic information about the operating system, which is used during boot-up to load content from main memory.
Security Requirements
Chromium OS is designed especially for users who use computers only to connect to the internet. So, rather than being downloaded and installed, programs are run in the web browser and stored on the internet. As Chromium OS is lightweight, it can be used as a secondary work computer. It is basically used when one has to access data from different devices, which can be public or private. Given these usage targets, it has to meet certain security requirements.
Only the owner can access his data, and he can give rights to users of his choice. In the event of device loss or theft, the user can easily recover his data. Other users can’t access another user’s data, whether by mistake or deliberately. In the event of an attack that changes system files, recovery should be as easy as rebooting. Just rebooting the system should be enough to apply updates and keep the user safe from security bugs. There must be a defense against malevolent websites and attackers on the network.
Chromium OS relies on many of the same security features and concepts used by the Google Chrome browser. In this model, all applications run within the browser.
Security Features
Web app-based model
Fig. 2 : Web app-based model[5]
As all applications are web applications, there are a lot of interesting security features that Chromium OS can take advantage of. Every web application lives on a domain, and domains can’t access each other; Google Chrome OS uses that kind of default security and gets it for free from the internet. Chrome relies strongly on sandboxing, which keeps different processes and applications in separate partitions and limits the interaction between applications and the OS kernel. The technique of process sandboxing is similar to the Windows security model. Each process is allotted a unique access token by the operating system, which is like an ID card and is used by the system to deny or grant access to resources such as files, registry keys, events and semaphores. The access token consists of information about the process’s owner, the list of groups that it belongs to and a list of privileges. When a process requests a shared resource, the OS checks the token and allots the appropriate resources to the process, thus preventing processes from interfering with each other over the same resources at the same time[6].
Keeping data safe and up-to-date
Fig. 3 : Update mechanism [5]
In Chromium OS, system information is put on one partition, and the user’s data is encrypted and saved on another partition. Chromium OS uses multiple partitions because this greatly eases system updates. It keeps a system partition and a second system partition; it downloads and applies the updates and then makes sure they have completed. When everything is done, the switch is flipped and the OS is ready to go.
Verified boot
Fig. 4 : Verified Boot Mechanism [5]
Chromium OS makes sure that the file system has not been changed since the last time it was updated. It makes sure that all the software installed is software that it installed itself. It does that at the block level: each block is hashed, and the cryptographic hashes are stored in big binary blobs at the end of the file system. The blob is then checked by the kernel during boot to make sure that nothing has been changed in the file system. Along with checking the file system, it is also important to check whether the kernel has been changed. Firmware is used to check it. Chromium OS has custom firmware which provides the fast boot speed and also provides a small read-only segment. It stores a public key and useful secure recovery data in this read-only segment. This key can check anything that comes after it in the boot path, and so Chromium OS can check whether the changeable firmware is up to date and thus whether the kernel is good.
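The block-level check described above, as an added example (not code from the original essay or from the Chromium OS project). It assumes a 4096-byte block size and SHA-256, and it uses a trusted digest of the hash blob as a stand-in for the signature check made with the public key held in read-only firmware; all function names are hypothetical.

```python
import hashlib
import hmac

BLOCK_SIZE = 4096   # assumed block size for this sketch
DIGEST_LEN = 32     # SHA-256 digest length in bytes


def split_blocks(image):
    return [image[i:i + BLOCK_SIZE] for i in range(0, len(image), BLOCK_SIZE)]


def build_hash_blob(image):
    """Build time: hash every block and concatenate the digests into one blob."""
    return b"".join(hashlib.sha256(b).digest() for b in split_blocks(image))


def verify_image(image, blob, trusted_blob_digest):
    """Boot time: return the indexes of blocks whose hash no longer matches.

    Raises ValueError if the blob is untrusted or does not fit the image.
    """
    # The blob must be authentic before any hash stored in it is believed.
    # (Assumption: real firmware would verify a signature here instead.)
    if not hmac.compare_digest(hashlib.sha256(blob).digest(), trusted_blob_digest):
        raise ValueError("hash blob is not trusted")
    blocks = split_blocks(image)
    # A truncated or extended image is rejected outright.
    if len(blob) != len(blocks) * DIGEST_LEN:
        raise ValueError("image size does not match hash blob")
    bad = []
    for i, block in enumerate(blocks):
        expected = blob[i * DIGEST_LEN:(i + 1) * DIGEST_LEN]
        if not hmac.compare_digest(hashlib.sha256(block).digest(), expected):
            bad.append(i)
    return bad


# Constructed sample: a three-block "file system" image (last block is short).
IMAGE = b"A" * BLOCK_SIZE + b"B" * BLOCK_SIZE + b"C" * 100
BLOB = build_hash_blob(IMAGE)
TRUSTED = hashlib.sha256(BLOB).digest()   # stands in for the signed value

if __name__ == "__main__":
    print("clean image, bad blocks:", verify_image(IMAGE, BLOB, TRUSTED))
    tampered = bytearray(IMAGE)
    tampered[BLOCK_SIZE + 5] ^= 0xFF      # flip one byte inside block 1
    print("tampered image, bad blocks:", verify_image(bytes(tampered), BLOB, TRUSTED))
```

Recomputing the blob after modifying a block does not help, because the recomputed blob no longer matches the trusted digest and verification stops before any block is read.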
Reboot and safety
Fig. 5 : Reboot and safe mechanism [5].
Even with this level of security, bugs can’t be avoided. So Chromium OS has the ability to reboot the system and thereby return to safety. It uses verified boot process to trigger the security cover code. If something bad happens and a system needs a cleanup, a USB stick can be plugged in to boot right into the good state.
Security Limitations
Process sandboxing also has some limitations. Important applications sometimes can’t run in a given sandbox, because the sandbox interferes with their access to some critical resource or system function, for example, access to user data files.
Sometimes other users configure registry values in a way that opens resources to malicious programs. Process sandboxing is not able to fix this problem.
As the source code is open to all, including intruders, they can get access to the internal design of Chromium OS.
Conclusion
Many of the tools and techniques for securing the Chrome OS are available to Linux users today.
Chromium OS has a market among users who need to access their data on the go and are always connected to the internet. Thus, Chrome OS will not be of much use if the internet connection is down. People are reluctant to store their important data in Google’s datacenter, as Google will always have the liberty to access it. So, it is critical for Chrome OS to enable some local file storage.
Chromium OS is not for hardcore gamers but primarily for office use.
Chromium OS is a young product and will need months or even years to form and perfect.