ChromeOS Security Overview
Written by Karolis Liucveikis
If computers get hacked because of weaknesses in the operating system then why not remove the operating system to make them more secure?
That’s the simple principle behind ChromeOS, the open source operating system sponsored by Google.
There is only one program on ChromeOS: the Chrome browser. Everything else, like the ssh plugin, is a browser extension that you can get from the Chrome marketplace. (You can see which extensions you have in Chrome by typing chrome://extensions/.)
Of course ChromeOS is an operating system too, since the Chrome browser cannot run by itself. There needs to be some software in place to respond when the power is turned on and to interact with the screen and storage and where someone plugs in a USB device.
But what Google has done in building ChromeOS is to get rid of some of the bad security practices that make Windows, in particular, vulnerable to hacking. One of those design principles is to not allow one process to read the memory of another and to deny most processes access to devices. Another is to deny processes access to low-level functions, like deleting and writing files.
Cryptographic verification of the Operating System
The most important security feature of ChromeOS is that the boot loader is stored in read-only memory (ROM) and that the hardware verifies its signature, which is stored in a chip.
The boot loader is the mini OS that starts the computer just far enough that the user can select which OS to run, or until it runs the only one it finds.
To say that it is signed means that ChromeOS has run a hash function over the image to create a hashed value. When the OS boots it runs the same hashing function and compares the result to the hashed value (i.e., the signature) stored in a chip of the device. If they differ then the bootloader has been tampered with. That’s what a hacker might do.
In that event, the OS will restore the boot image to the factory default. This also means someone cannot boot from a USB drive.
ChromeOS also checks the root file system the same way. (This raises the obvious question: if the boot loader is in ROM memory and if the signature is stored in a chip then how can Google push out updates to Chrome?)
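The verify-or-recover logic of the last three paragraphs, written out as an added C example; this is not ChromeOS or Google firmware code. It hashes the boot image with SHA-256, compares the digest in constant time against a reference standing in for the value held in read-only storage, falls back to the factory image on a mismatch, and then checks a root filesystem image the same way. The image contents, the `trusted_refs` struct, the result codes and the equal-size assumption for the factory copy are all constructed for the example. Two caveats from the defender's side: a shipping firmware chain verifies a public-key signature over the image rather than a bare hash, so the reference cannot be swapped out together with the image, and the compact SHA-256 here exists only to keep the example free of external libraries.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Minimal SHA-256 (FIPS 180-4), included only so the example needs no crypto library. */
static const uint32_t K[64] = {
    0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
    0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
    0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
    0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
    0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
    0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
    0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
    0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2};
#define ROTR(x, n) (((x) >> (n)) | ((x) << (32 - (n))))

static void sha256_block(uint32_t h[8], const uint8_t blk[64]) {
    uint32_t w[64], v[8];
    for (int i = 0; i < 16; i++)
        w[i] = (uint32_t)blk[4*i] << 24 | (uint32_t)blk[4*i+1] << 16 | (uint32_t)blk[4*i+2] << 8 | blk[4*i+3];
    for (int i = 16; i < 64; i++)
        w[i] = w[i-16] + (ROTR(w[i-15], 7) ^ ROTR(w[i-15], 18) ^ (w[i-15] >> 3))
             + w[i-7]  + (ROTR(w[i-2], 17) ^ ROTR(w[i-2], 19) ^ (w[i-2] >> 10));
    memcpy(v, h, sizeof v);                       /* v[0..7] = working variables a..h */
    for (int i = 0; i < 64; i++) {
        uint32_t t1 = v[7] + (ROTR(v[4], 6) ^ ROTR(v[4], 11) ^ ROTR(v[4], 25))
                    + ((v[4] & v[5]) ^ (~v[4] & v[6])) + K[i] + w[i];
        uint32_t t2 = (ROTR(v[0], 2) ^ ROTR(v[0], 13) ^ ROTR(v[0], 22))
                    + ((v[0] & v[1]) ^ (v[0] & v[2]) ^ (v[1] & v[2]));
        v[7] = v[6]; v[6] = v[5]; v[5] = v[4]; v[4] = v[3] + t1;
        v[3] = v[2]; v[2] = v[1]; v[1] = v[0]; v[0] = t1 + t2;
    }
    for (int i = 0; i < 8; i++) h[i] += v[i];
}

static void sha256(const uint8_t *msg, size_t len, uint8_t out[32]) {
    uint32_t h[8] = {0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
                     0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19};
    uint8_t blk[64];
    size_t off = 0;
    for (; len - off >= 64; off += 64) sha256_block(h, msg + off);
    size_t rem = len - off;                        /* 0..63 tail bytes */
    memset(blk, 0, sizeof blk);
    memcpy(blk, msg + off, rem);
    blk[rem] = 0x80;                               /* padding: a 1 bit, then zeros */
    if (rem >= 56) { sha256_block(h, blk); memset(blk, 0, sizeof blk); }  /* length needs its own block */
    for (int i = 0; i < 8; i++) blk[63 - i] = (uint8_t)(((uint64_t)len * 8) >> (8 * i));
    sha256_block(h, blk);
    for (int i = 0; i < 8; i++)
        for (int j = 0; j < 4; j++) out[4*i + j] = (uint8_t)(h[i] >> (24 - 8*j));
}

/* Hex rendering of a digest, for logs and for checking against a known test vector. */
void sha256_hex(const uint8_t *msg, size_t len, char hex[65]) {
    uint8_t d[32];
    sha256(msg, len, d);
    for (int i = 0; i < 32; i++) sprintf(hex + 2*i, "%02x", d[i]);
}

/* Reference digests: stand-ins for the values the text says are stored in a chip. */
typedef struct { uint8_t boot[32], rootfs[32]; } trusted_refs;
enum { BOOT_OK = 0, BOOT_RECOVERED = 1, ROOTFS_TAMPERED = 2, BOOT_HALT = -1 };

/* Constant-time comparison: a mismatch reveals nothing about where the digests differ. */
static int digest_equal(const uint8_t a[32], const uint8_t b[32]) {
    unsigned diff = 0;
    for (int i = 0; i < 32; i++) diff |= (unsigned)(a[i] ^ b[i]);
    return diff == 0;
}

static int image_verifies(const uint8_t *img, size_t len, const uint8_t ref[32]) {
    uint8_t d[32];
    sha256(img, len, d);
    return digest_equal(d, ref);
}

/* Hash the boot image and compare with the trusted digest. On mismatch, restore the factory
 * image (the recovery the text describes) and re-check; then check the root filesystem the
 * same way. factory_img is assumed to be boot_len bytes (constructed simplification). */
int verified_boot(uint8_t *boot_img, const uint8_t *factory_img, size_t boot_len,
                  const uint8_t *rootfs, size_t rootfs_len, const trusted_refs *refs) {
    int result = BOOT_OK;
    if (!image_verifies(boot_img, boot_len, refs->boot)) {
        memcpy(boot_img, factory_img, boot_len);
        result = BOOT_RECOVERED;
        if (!image_verifies(boot_img, boot_len, refs->boot)) return BOOT_HALT;  /* factory copy bad too */
    }
    if (!image_verifies(rootfs, rootfs_len, refs->rootfs)) return ROOTFS_TAMPERED;
    return result;
}
```

The flow to note is the order of decisions: the boot image is verified first, a failed check triggers recovery rather than a boot of the suspect image, the recovered image is verified again before anything else runs, and only then is the root filesystem checked. `sha256_hex` lets you confirm the hash against the published test vector for "abc" before trusting the rest.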
Windows has the same feature which is why you have to disable Secure Boot if you want to replace Windows with Linux.
Isolate Processes in a Sandbox
Like Android, ChromeOS runs in a container. That is the way that Java works too. And that’s the way that container software, like Docker, used to install complex systems on servers, works as well.
What that means is that commands can run, and objects can be created, only inside the memory that belongs to the container, which rides atop the operating system. So a hacker cannot gain access to the memory of other running programs, since those are operating inside their own sandboxed containers. Reaching memory outside a running program is the approach hackers use in buffer overflow and similar attacks.
Chrome calls its container approach the Sandbox. That is an odd name, since sandbox is an IT term for the place where one deploys untested code that is still under development.
The ChromeOS Sandbox means that most ChromeOS processes are only allowed access to memory and the CPU. They cannot write changes to disk or interact with any devices. That’s the same design principle as SELinux, which is a fork of Linux created by the NSA.
But at some point the OS needs low-level access to the USB device, screen, storage, etc. So if there are security issues with the container then the hacker can gain access to raw memory. So far there have been no widespread issues with that.
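What "only memory and the CPU" looks like at the system-call level, as an added example that is not ChromeOS, Chrome or minijail code: a Linux seccomp-BPF filter that keeps every system call except the ones that open, create, remove or rename files, installed by the running process on itself. After `confine_to_cpu_and_memory()` the process can still allocate and compute, but `open()` fails with EPERM, so neither disk files nor device nodes under /dev can be reached. The function names, the deny-list policy and the /tmp path are constructed for the demonstration; it is Linux-only and written for x86-64 and AArch64.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/syscall.h>

#if defined(__x86_64__)
#define THIS_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define THIS_ARCH AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH_* value for this CPU"
#endif

/* Filter vocabulary. DENY returns EPERM so the effect is observable; a production
 * policy would more often log or kill. */
#define ALLOW        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW)
#define DENY         BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA))
#define KILL         BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL)
#define LOAD(field)  BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, field))
/* "if nr == X fall into the DENY on the next line, otherwise jump over it" */
#define DENY_NR(nr)  BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), 0, 1), DENY

/* Install the policy on the calling process: everything is allowed except the calls
 * that create, open, remove or rename files, which also closes off /dev device nodes. */
int confine_to_cpu_and_memory(void) {
    static struct sock_filter filter[] = {
        LOAD(arch),                                          /* refuse a foreign ABI outright */
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, THIS_ARCH, 1, 0),
        KILL,
        LOAD(nr),
        DENY_NR(__NR_openat),
#ifdef __NR_open
        DENY_NR(__NR_open),
#endif
#ifdef __NR_creat
        DENY_NR(__NR_creat),
#endif
#ifdef __NR_openat2
        DENY_NR(__NR_openat2),
#endif
        DENY_NR(__NR_unlinkat),
        DENY_NR(__NR_mkdirat),
#ifdef __NR_renameat
        DENY_NR(__NR_renameat),
#endif
        ALLOW,
    };
    struct sock_fprog prog = { (unsigned short)(sizeof filter / sizeof filter[0]), filter };
    /* no_new_privs lets an unprivileged process install a filter and blocks setuid escapes. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) != 0) return -1;
    return 0;
}

/* Try to create a file. Returns 0 on success, otherwise the errno the kernel gave us. */
int try_create_file(const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return errno;
    close(fd);
    unlink(path);
    return 0;
}

/* Pure CPU-and-memory work stays permitted: sum 0..n-1 through a heap buffer. */
long compute_in_memory(size_t n) {
    long *buf = malloc(n * sizeof *buf);
    if (!buf) return -1;
    long sum = 0;
    for (size_t i = 0; i < n; i++) { buf[i] = (long)i; sum += buf[i]; }
    free(buf);
    return sum;
}

int main(void) {
    const char *path = "/tmp/chromeos_sandbox_demo.txt";   /* constructed path for the demo */
    printf("before confinement: create -> %d\n", try_create_file(path));
    if (confine_to_cpu_and_memory() != 0) { perror("seccomp"); return 1; }
    int err = try_create_file(path);
    printf("after confinement:  create -> %d (%s)\n", err, err == EPERM ? "EPERM" : "unexpected");
    printf("after confinement:  compute -> %ld\n", compute_in_memory(1000));
    return 0;
}
```

Two design points worth noticing. The filter checks the architecture before the system-call number, because numbers differ between ABIs and a filter that skips this can be bypassed by a 32-bit call on a 64-bit kernel. And a real sandbox policy is an allow-list of the few calls a process needs rather than this deny-list; the deny-list form is used here only so the before-and-after contrast fits in a few lines.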
Who needs Windows?
A thinking person might come to the conclusion that, if everything they do is on the cloud today, they do not need a $1,500 PC or $2,000 Mac with the processing power to run memory- and CPU-intensive programs locally.
If the only program people use is the browser, then why buy a computer built for the ancient past, when people actually ran Outlook and Office on their PC or used something resource-hungry like Photoshop? You can do all of that in the cloud now, using the browser.
But what about the analyst working on large and complex systems like Hadoop or Spark? The best way to approach that—now adopted by most companies as the cloud model—is to install those on a cloud server. Then use the ssh extension in Chrome to log in to that, or the Windows remote desktop (RDP) extension for Chrome.
The PC market is drying up. Microsoft is selling an increasing number of tablets with keyboards. That has become a bright spot for the company.
A tablet with a keyboard is what the $200 ASUS Chromebook is like, except that it does not have a touch screen like the Microsoft Surface.
ASUS is cheap. One reason is that ASUS does not have to pay Microsoft for Windows. And it’s incredibly lightweight. So it’s like one of those very expensive slim Macs that people buy for panache, but without the lofty price tag.
The cheapest ASUS model could benefit from more memory and a better CPU. If you have ever looked at the many processes spawned by Chrome on Linux, and the large amount of memory it uses, you can see that Chrome, given lots of memory and CPU, will use them. So buy a better Chromebook and ditch Windows and Mac. Put the money you saved in the bank. Or blow it on something else you do not need.