Chrome OS - RSA Conference


Chrome OS is a PC-based operating system officially announced by Google. Google Chrome OS is an open-source operating system based on Linux. Google said on its official blog that, in the initial stage, the operating system will target netbooks, compact and low-cost PCs. The open-source software will be named Chrome OS; Google held a Chrome product launch in the United States on December 7, 2010, at which it officially released the Chrome Web Store and Chrome OS.

Chrome OS: Practical Security

Will Drewry
Sumit Gwalani

Session ID: ASEC-301
Session Classification: Intermediate
Build a more secure web browsing experience

• Chrome OS
• Building a more secure web browser
• Minimizing system attack surface & exploitability
• Secure Management
• Usable security features

Chrome OS

Chrome OS

• Chrome has more than 160 Million active users today
• Speed, Simplicity, Security
• Chrome OS = Chrome running on specialized hardware

Chrome OS – fast to boot; fast always

Computers Today vs. Nothing but the web

Chrome OS Simplicity – easy to use

Phase 0: Build a more secure

Chrome Sandbox
Chrome Security

• Safe Browsing
   o Block phishing sites
   o Block malware sites
• Browser sandbox
• Automatic updates
• No NPAPI native plugins
• Sandboxed Flash
Chrome Security (and it's ongoing...)

• Built-in certificate pinning
• Blocked HTTP auth for sub-resource loads on origin
• Strong JS random number API
• Content Security Policy support
Phase 1: Minimize attack surface and exploitability

Minimize firmware attack surface

• Only execute code that is checked
• Static root of trust model for providing a verified boot flow
• Read-only firmware checks mutable firmware
   o Only the header containing the signature is parsed
• Mutable firmware checks the OS kernel
   o Partition table (GPT) is parsed
   o Kernel header containing the signature is parsed
• No Option ROMs are supported
• No external boot devices are supported
Verified Boot flow
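The chain above (read-only firmware checks the mutable firmware, which in turn checks the kernel, each stage parsing only a small signature header before touching the body) can be modelled in a few dozen lines. The following is an added example, not Google's verified-boot code: it stands in for RSA signatures with HMAC-SHA256 tags so that it runs on the standard library alone, and the header format, magic value and demo keys are all constructed for the demo.

```python
"""Toy model of the two-stage verified-boot chain on the slides.

Added example, not Google's vboot code. HMAC-SHA256 tags stand in for the RSA
signatures real firmware checks; the structure is the point: each stage parses
only a small fixed-size header, checks the signature, and only then hashes the
body it is about to hand control to.
"""
import hashlib
import hmac
import struct
from typing import Optional

MAGIC = b"CHRO"                            # constructed header magic
HEADER_FMT = ">4sI32s32s"                  # magic | body_len | body_sha256 | tag
HEADER_LEN = struct.calcsize(HEADER_FMT)   # 72 bytes: the only bytes ever parsed
SIGNED_LEN = HEADER_LEN - 32               # everything before the tag is covered by it
KEY_LEN = 32

# Constructed demo keys (the real root key lives in read-only firmware).
ROOT_KEY = b"constructed-root-key"
KERNEL_KEY = hashlib.sha256(b"constructed-kernel-key").digest()


def sign_image(key: bytes, body: bytes) -> bytes:
    """Produce header || body, where the header tag covers the body hash."""
    signed = struct.pack(">4sI32s", MAGIC, len(body), hashlib.sha256(body).digest())
    tag = hmac.new(key, signed, hashlib.sha256).digest()
    return signed + tag + body


def verify_image(key: bytes, image: bytes) -> Optional[bytes]:
    """Parse the fixed-size header only; return the body if everything checks."""
    if len(image) < HEADER_LEN:
        return None
    magic, body_len, digest, tag = struct.unpack(HEADER_FMT, image[:HEADER_LEN])
    if magic != MAGIC:
        return None
    expected = hmac.new(key, image[:SIGNED_LEN], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None                        # bad signature: the body is never touched
    body = image[HEADER_LEN:HEADER_LEN + body_len]
    if len(body) != body_len or not hmac.compare_digest(
            hashlib.sha256(body).digest(), digest):
        return None                        # body does not match the signed hash
    return body


def build_rw_firmware(root_key: bytes, kernel_key: bytes, code: bytes) -> bytes:
    """Mutable firmware carries the kernel-verification key inside its signed body."""
    return sign_image(root_key, kernel_key + code)


def verified_boot(root_key: bytes, rw_firmware: bytes, kernel: bytes) -> str:
    """Stage 1: RO firmware checks RW firmware. Stage 2: RW firmware checks the kernel."""
    rw_body = verify_image(root_key, rw_firmware)
    if rw_body is None:
        return "recovery: RW firmware failed verification"
    kernel_key = rw_body[:KEY_LEN]
    kernel_body = verify_image(kernel_key, kernel)
    if kernel_body is None:
        return "recovery: kernel failed verification"
    return "boot: " + kernel_body.decode()


def demo() -> dict:
    """Run the chain on a good image set and on tampered variants."""
    rw = build_rw_firmware(ROOT_KEY, KERNEL_KEY, b"rw firmware code")
    kernel = sign_image(KERNEL_KEY, b"vmlinuz-demo")
    bad_kernel = bytearray(kernel)
    bad_kernel[-1] ^= 0x01                 # flip one byte of the kernel body
    bad_rw = bytearray(rw)
    bad_rw[HEADER_LEN - 1] ^= 0x01         # corrupt the RW firmware header tag
    return {
        "good": verified_boot(ROOT_KEY, rw, kernel),
        "tampered_kernel": verified_boot(ROOT_KEY, rw, bytes(bad_kernel)),
        "tampered_firmware": verified_boot(ROOT_KEY, bytes(bad_rw), kernel),
        "wrong_root_key": verified_boot(b"other-root-key", rw, kernel),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:18} {result}")
```

Any failure at either stage ends in the recovery path rather than in running unverified code, which is the behaviour the read-only recovery system on the later slide exists to back up.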

Minimize OS attack surface

• Integrity checked system image chained to secure firmware
   o Ensures no code or data from the base system image is used without checking authenticity
   o W^X for mounted partitions
• Chrome sandboxing (See phase 0 :)
• Principle of least privileges for daemons
   o minimize "root" uids
   o use namespacing
   o ...
• Per-user encrypted "home" directories
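The W^X rule for mounted partitions is easy to audit from /proc/mounts: a filesystem should be writable or executable, never both. The checker below is an added example, not Chrome OS code; the mount lines it runs on are constructed for the demo, and it also handles the octal escapes /proc/mounts uses for spaces in paths.

```python
"""Audit mounted filesystems for the W^X rule (rw implies noexec).

Added example, not Chrome OS code. Input is /proc/mounts format:
  device mountpoint fstype options dump pass
Sample lines below are constructed for the demo.
"""
import os
import re
from typing import List, Set, Tuple

# Constructed sample; the last two entries break the rule.
SAMPLE_MOUNTS = """\
/dev/root / ext4 ro,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda1 /var ext4 rw,nosuid,nodev,noexec,relatime 0 0
/dev/mapper/home /home/user ext4 rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
/dev/sdb1 /media/USB\\040Drive vfat rw,nosuid,nodev 0 0
"""


def unescape(field: str) -> str:
    """/proc/mounts encodes space, tab, newline and backslash as \\ooo octal."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def parse_mounts(text: str) -> List[Tuple[str, str, str, Set[str]]]:
    """Return (device, mountpoint, fstype, options) per well-formed line."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue                       # malformed line: skip rather than guess
        device, mountpoint, fstype, opts = parts[:4]
        entries.append((unescape(device), unescape(mountpoint), fstype,
                        set(opts.split(","))))
    return entries


def wx_violations(text: str) -> List[str]:
    """Mount points that are both writable and executable."""
    bad = []
    for _dev, mountpoint, _fs, opts in parse_mounts(text):
        writable = "ro" not in opts        # every entry carries exactly one of rw/ro
        executable = "noexec" not in opts
        if writable and executable:
            bad.append(mountpoint)
    return bad


def check_live(path: str = "/proc/mounts") -> List[str]:
    """Run the same check against the running system, if the file exists."""
    if not os.path.exists(path):
        return []
    with open(path) as f:
        return wx_violations(f.read())


if __name__ == "__main__":
    print("sample violations:", wx_violations(SAMPLE_MOUNTS))
    print("live violations:  ", check_live())
```

On a general-purpose Linux box the live check will usually list / and /usr, which is exactly the gap Chrome OS closes by making the root image read-only and verified, and everything writable noexec.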
Robustness to attack

(in addition to attack surface minimization)
• Automatic, authenticated updates
• Hardened toolchain
   o noexec stack/heap
   o address space layout randomization
   o stack protector
   o ...
• Read-only firmware backed recovery/reinstallation system
• Hardened kernel configuration
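Two of the toolchain mitigations listed above (non-executable stack and ASLR, which needs position-independent executables to cover the main binary) are recorded in the ELF headers and can be verified without running anything. The script below is an added example, not a Chrome OS build tool: it parses an ELF64 header and its program headers with the standard library and reports NX stack (PT_GNU_STACK without PF_X), PIE (ET_DYN) and the presence of a RELRO segment. The stack protector is not visible from headers (it needs a symbol lookup for __stack_chk_fail), so it is left out. make_sample_elf builds a constructed minimal ELF image for the demo; check_file runs the same check on a real file.

```python
"""Static check for toolchain hardening visible in ELF64 program headers.

Added example, not a Chrome OS tool. Reports NX stack, PIE and RELRO.
"""
import struct

ELF_MAGIC = b"\x7fELF"
ELFCLASS64 = 2
ELFDATA2LSB = 1
ET_EXEC, ET_DYN = 2, 3
PT_LOAD = 1
PT_GNU_STACK = 0x6474E551
PT_GNU_RELRO = 0x6474E552
PF_X, PF_W, PF_R = 1, 2, 4
EHDR_FMT = "16sHHIQQQIHHHHHH"              # ELF64 header, 64 bytes
PHDR_FMT = "IIQQQQQQ"                      # ELF64 program header, 56 bytes


def check_elf(data: bytes) -> dict:
    """Parse the ELF64 header and program headers; return the hardening flags."""
    if data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    if data[4] != ELFCLASS64:
        raise ValueError("only ELF64 is handled here")
    end = "<" if data[5] == ELFDATA2LSB else ">"
    hdr = struct.unpack(end + EHDR_FMT, data[:64])
    e_type, e_phoff, e_phentsize, e_phnum = hdr[1], hdr[5], hdr[9], hdr[10]
    nx_stack = False                       # no PT_GNU_STACK: Linux treats the stack as executable
    relro = False
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        p_type, p_flags = struct.unpack(end + "II", data[off:off + 8])
        if p_type == PT_GNU_STACK:
            nx_stack = not (p_flags & PF_X)
        elif p_type == PT_GNU_RELRO:
            relro = True
    return {"pie": e_type == ET_DYN, "nx_stack": nx_stack, "relro": relro}


def make_sample_elf(pie: bool, nx: bool, relro: bool) -> bytes:
    """Constructed minimal x86-64 ELF image: header plus program headers, no code."""
    phdrs = [(PT_LOAD, PF_R | PF_X, 0, 0x400000, 0x400000, 0, 0, 0x1000),
             (PT_GNU_STACK, PF_R | PF_W | (0 if nx else PF_X), 0, 0, 0, 0, 0, 16)]
    if relro:
        phdrs.append((PT_GNU_RELRO, PF_R, 0, 0x600000, 0x600000, 0, 0, 1))
    ident = ELF_MAGIC + bytes([ELFCLASS64, ELFDATA2LSB, 1, 0, 0]) + b"\0" * 7
    ehdr = struct.pack("<" + EHDR_FMT, ident, ET_DYN if pie else ET_EXEC, 0x3E, 1,
                       0, 64, 0, 0, 64, 56, len(phdrs), 0, 0, 0)
    return ehdr + b"".join(struct.pack("<" + PHDR_FMT, *p) for p in phdrs)


def check_file(path: str) -> dict:
    """Run check_elf on a binary from disk."""
    with open(path, "rb") as f:
        return check_elf(f.read())


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:] or []:
        print(path, check_file(path))
    print("hardened sample:  ", check_elf(make_sample_elf(True, True, True)))
    print("unhardened sample:", check_elf(make_sample_elf(False, False, False)))
```

A binary that reports pie=False or nx_stack=False was not built with the hardened flags, regardless of what the build system claims; running this over every executable in an image is a cheap release-time gate.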
Phase 2: Allow secure management

Enterprise Policies

•   Content Control
•   Apps and Extensions
•   Browser Options
•   Browser Features
•   Omnibox Search Provider
•   Device Settings
•   Proxy Settings
•   User Experience
Enterprise Enrollment & Device Ownership

• Device "owner" is the first user to sign in
  o Unless device is enrolled into enterprise policies
  o Enterprise becomes the device "owner"

• Owner status enforcement is hardware-backed
  o Local/consumer is locked in "consumer mode"
  o Remote/enterprise is locked to a domain

• Lockable TPM NVRAM stores metadata for the lifetime of an
TPM Wrapped Keys

TPM is used to wrap all sensitive data

• User data encryption keys

• Enterprise wireless certificates

• VPN certificates

• Client certificates
What's coming up?

• Inventory Management

• Printer Management

• Network Configuration

• Status Monitoring and reporting

• And more…
Phase 3: Rinse and repeat

Minimizing the kernel attack surface

• Proposed Linux kernel feature to drop/block disallowed
   o Added to Chrome sandbox
   o Added to system isolation helper (minijail)
• Minimizes the services provided by the kernel to running
• And lots more…
Combining it all together...

Practical Security

Defense in depth approach to build a more secure device for web browsing

• Verified image on boot
• Hardware-backed user data encryption
• Super easy to sign in on the device
• Guest account
• Seamless automatic updates
• Hardware-backed reinstall path
• Developer Mode
• Management - even on non-enterprise owned devices
Security Fundamentals

• Patch fast

• Release fast
  o 3 channels: Stable/Beta/Dev
  o New stable builds approximately every 6 weeks
  o security fixes more frequently

• Match Chrome browser's extremely high update rate

• Open source, never security-by-obscurity

• Leverage community experts
Chrome OS
• Instant web and forever new
• Easy to use

Practical Security
• Defense in depth
• Verified Boot
• Secure Management
