With Chrome OS, Google says it has abandoned the traditional operating system security model and put its focus on using process isolation, verified boot, encryption and system hardening to protect users.
OS Nov. 19
and opened up about how its security strategy deviates
from the traditional model for securing today's operating
In a presentation, Google painted a picture of a slim operating system that uses
combination of sandboxing, encryption
of user data and a verified boot
process to protect users.
Google took some criticism earlier in 2009 when it made what some thought
were extraordinary claims
about Chrome OS-
namely that its "users don't have to
deal with viruses, malware and security updates." The claims touched off a
and many analysts
said at the time they expected Chrome OS to use its focus on supporting cloud
applications to its advantage.
This prediction turned out to be correct.
"All the end-user applications are Web applications, and Web
applications, as you know, have a different security model," explained
Google Engineering Director Matthew Papakipos. "Their security model is [that]
apps are treated at a system level as if they're fundamentally hostile ... Web
applications can't change files on your hard disk [and] can't reconfigure your
there are many things that Web applications
intentionally cannot do that give it a better security profile."
"What this security sandbox means is that every tab that you run in Chrome
OS is running completely locked down and separated from the other tabs on the
system, but also from the underlying operating system," Papakipos continued.
"We've protected the OS from Web applications [and] we've protected the Web applications from each
But Chrome OS' security actually begins with a process Google
calls verified boot, where the system checks to make sure the user is
running the most current version of the operating system.
"The essence of the verified boot process is that every time that you
boot, we double-check to make sure that you are running what you should be
running," he said. "So the basic concept is that [all components] of
software in Chrome OS, from the firmware to the kernel to Chrome itself to the
whole root file system, have what's called a cryptographic signature attached
If a problem is detected with the signature, the system offers to reboot and
then automatically downloads any necessary patches. At the file system level,
Google made the root partition read-only, and everything on the user partition
is encrypted, Papakipos said.
"This means that if some bad guy gets it, opens up your machine with a
screwdriver, pulls out the drive [and] puts it in another computer, they'll
have a very hard time reading those bits," he said. "As with all
security, anything can be cracked, but we've made it very, very difficult."
More technical detail on how Google has hardened the operating system can be
Sundar Pichai, vice president of product management at Google,
said the company is aiming to release a netbook running on Chrome OS around the
end of 2010. While no operating system is going to be totally secure, it
is possible to do better than the industry is today, he said.
"Security is not an abstract issue; it really
makes a difference in the lives of people," Pichai said. "People
struggle a lot with issues with their computers, so we really want to make it