Chrome OS - RSA Conference

Chrome OS: Practical Security

Will Drewry
Sumit Gwalani
Google




Session ID: ASEC-301
Session Classification: Intermediate
Build a more secure web browsing experience

• Chrome OS
• Building a more secure web browser
• Minimizing system attack surface & exploitability
• Secure Management
• Usable security features
Chrome OS


Chrome has more than 160 million active users today

Speed, Simplicity, Security


  Chrome OS = Chrome running on specialized hardware
Chrome OS – fast to boot; fast always

(Figure: Computers Today vs. Nothing but the web)
Chrome OS Simplicity – easy to use


Phase 0: Build a more secure browser
Chrome Sandbox
Chrome Security

• Safe Browsing
   o Block phishing sites
   o Block malware sites
• Browser sandbox
• Automatic updates
• No NPAPI native plugins
• Sandboxed Flash
Chrome Security (and it's ongoing...)

• Built-in certificate pinning
• HSTS
• Blocked HTTP auth for sub-resource loads on origin mismatch
• Strong JS random number API
• Content Security Policy support
Phase 1: Minimize attack surface and exploitability
Minimize firmware attack surface


• Only execute code that is checked
• Static root of trust model for providing a verified boot flow
• Read-only firmware checks mutable firmware
   o Only the header containing the signature is parsed
• Mutable firmware checks the OS kernel
   o Partition table (GPT) is parsed
   o Kernel header containing the signature is parsed
• No Option ROMs are supported
• No external boot devices are supported
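The chain described above (read-only firmware checks the mutable firmware's signed header, which in turn checks the kernel's signed header, with nothing in a body interpreted before its header verifies) as an added example that is not part of the original slides. It assumes an HMAC tag as a stand-in for the RSA signature real Chrome OS firmware checks, and constructed keys, magic values and header layout.

```python
import hashlib
import hmac
import struct
from typing import Optional

# Stand-in for the public key baked into read-only firmware. Real Chrome OS
# firmware checks RSA signatures; an HMAC tag is used here (assumption) so the
# example runs with the standard library only.
ROOT_KEY = b"constructed-root-of-trust-key"
# Constructed kernel verification key carried as the signed RW firmware body.
KERNEL_KEY = b"constructed-kernel-subkey-32byte"

# Fixed-size header: magic, body length, SHA-256 of body, signature tag.
HDR = struct.Struct("<4sI32s32s")


def _tag(key: bytes, magic: bytes, length: int, digest: bytes) -> bytes:
    msg = magic + struct.pack("<I", length) + digest
    return hmac.new(key, msg, hashlib.sha256).digest()


def sign_image(magic: bytes, body: bytes, key: bytes) -> bytes:
    """Produce header + body, the layout each boot stage expects."""
    digest = hashlib.sha256(body).digest()
    tag = _tag(key, magic, len(body), digest)
    return HDR.pack(magic, len(body), digest, tag) + body


def verify_stage(image: bytes, magic: bytes, key: bytes) -> Optional[bytes]:
    """Parse only the fixed-size header and check its tag before touching the
    body; return the body if it matches the signed digest, else None."""
    if len(image) < HDR.size:
        return None
    m, length, digest, tag = HDR.unpack_from(image)
    if m != magic or not hmac.compare_digest(tag, _tag(key, m, length, digest)):
        return None
    body = image[HDR.size:HDR.size + length]
    if len(body) != length or not hmac.compare_digest(
            hashlib.sha256(body).digest(), digest):
        return None
    return body


def boot(rw_firmware: bytes, kernel: bytes) -> str:
    """Static root of trust: RO firmware (ROOT_KEY) checks RW firmware, whose
    body is the key that checks the kernel. Any failure falls to recovery."""
    kernel_key = verify_stage(rw_firmware, b"FWRW", ROOT_KEY)
    if kernel_key is None:
        return "recovery: RW firmware failed verification"
    kernel_body = verify_stage(kernel, b"KERN", kernel_key)
    if kernel_body is None:
        return "recovery: kernel failed verification"
    return "boot: " + kernel_body.decode()
```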
Verified Boot flow (diagram slides)
Minimize OS attack surface


• Integrity checked system image chained to secure firmware
   o Ensures no code or data from the base system image is
     used without checking authenticity
   o W^X for mounted partitions
• Chrome sandboxing (see Phase 0)
• Principle of least privileges for daemons
   o minimize "root" uids
   o use namespacing
   o ...
• Per-user encrypted "home" directories
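The integrity-checked system image above, as an added example that is not part of the original slides: every block of the read-only image is hashed, the single root hash is the only value that must be carried by the already-verified kernel, and a block is handed to the caller only after its hash matches, so tampered data is never used. The page does not name the mechanism; the flat per-block hash list, 64-byte blocks and four-block image are constructed simplifications.

```python
import hashlib
import hmac
from typing import List, Tuple

BLOCK = 64  # constructed block size (assumption), far smaller than a real image's

# Constructed four-block image standing in for the root filesystem.
IMAGE = b"".join(bytes([0x41 + i]) * BLOCK for i in range(4))


def build_hashes(image: bytes) -> Tuple[List[bytes], bytes]:
    """Hash every block; the root hash commits to the whole list and is the
    only value that needs to ride along with the signed kernel."""
    leaves = [hashlib.sha256(image[i:i + BLOCK]).digest()
              for i in range(0, len(image), BLOCK)]
    return leaves, hashlib.sha256(b"".join(leaves)).digest()


class VerifiedImage:
    """Read-only system image: a block is returned only after its hash
    matches, so no code or data is used without an authenticity check."""

    def __init__(self, image: bytes, leaves: List[bytes], root_hash: bytes):
        # root_hash is trusted (it came from the verified kernel); the leaf
        # list is untrusted until it is checked against root_hash.
        actual = hashlib.sha256(b"".join(leaves)).digest()
        if not hmac.compare_digest(actual, root_hash):
            raise ValueError("block hash list does not match trusted root hash")
        self.image, self.leaves = image, leaves

    def read_block(self, index: int) -> bytes:
        data = self.image[index * BLOCK:(index + 1) * BLOCK]
        if not hmac.compare_digest(hashlib.sha256(data).digest(), self.leaves[index]):
            # A real block-level verifier surfaces this as an I/O error.
            raise OSError(f"block {index} failed integrity check")
        return data


def count_good_blocks(img: VerifiedImage) -> Tuple[int, List[int]]:
    """Read every block; return (number verified, indexes that failed)."""
    bad = []
    for i in range(len(img.leaves)):
        try:
            img.read_block(i)
        except OSError:
            bad.append(i)
    return len(img.leaves) - len(bad), bad
```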
Robustness to attack

(in addition to attack surface minimization)
• Automatic, authenticated updates
• Hardened toolchain
   o noexec stack/heap
   o address space layout randomization
   o stack protector
   o ...
• Read-only firmware backed recovery/reinstallation system
• Hardened kernel configuration
Phase 2: Allow secure management
Enterprise Policies


• Content Control
• Apps and Extensions
• Browser Options
• Browser Features
• Omnibox Search Provider
• Device Settings
• Proxy Settings
• User Experience
Enterprise Enrollment & Device Ownership


• Device "owner" is the first user to sign in
   o Unless the device is enrolled into enterprise policies
   o Then the enterprise becomes the device "owner"

• Owner status enforcement is hardware-backed
   o Local/consumer is locked in "consumer mode"
   o Remote/enterprise is locked to a domain

• Lockable TPM NVRAM stores metadata for the lifetime of an install
TPM Wrapped Keys


TPM is used to wrap all sensitive data

• User data encryption keys

• Enterprise wireless certificates

• VPN certificates

• Client certificates
What's coming up?


• Inventory Management

• Printer Management

• Network Configuration

• Status Monitoring and reporting

• And more…
Phase 3: Rinse and repeat
Minimizing the kernel attack surface


• Proposed Linux kernel feature to drop/block disallowed syscalls
   o Added to Chrome sandbox
   o Added to system isolation helper (minijail)
• Minimizes the services provided by the kernel to running software
• And lots more…
Combining it all together...
Practical Security


Defense in depth approach to build a more secure device for web browsing

• Verified image on boot
• Hardware-backed user data encryption
• Super easy to sign in on the device
• Guest account
• Seamless automatic updates
• Hardware-backed reinstall path
• Developer Mode
• Management - even on non-enterprise owned devices
Security Fundamentals


• Patch fast

• Release fast
  o 3 channels: Stable/Beta/Dev
  o New stable builds approximately every 6 weeks
  o security fixes more frequently

• Match Chrome browser's extremely high update rate

• Open source, never security-by-obscurity

• Leverage community experts
Chrome OS
• Instant web and forever new
• Easy to use

Practical Security
• Defense in depth
• Verified Boot
• Secure Management

DOCUMENT INFO
Tags: Chrome
Stats:
views:46
posted:4/4/2012
language:English
pages:27
Description: Chrome OS is a PC-based operating system that Google officially announced as being in development. Google Chrome OS is an open source operating system based on Linux. Google said on its official blog that, in the initial stage, the operating system will be targeted at netbooks, compact and low-cost PCs. The open-source software is named Chrome OS. Google held a Chrome product launch in the United States on December 7, 2010, at which it officially released the Chrome Web Store and Chrome OS.