
Chromium OS Security
Google Chrome OS is an open source operating system for people who spend most of their time on the web, built around the core tenets of speed, simplicity and security. http://www.chromium.org
Content
0.45 -> Hi.
0.63 -> I'm Will Drewry.
1.64 -> In this video, we'll be discussing ideas we have for
3.4 -> creating an open operating system that aims to be
5.1 -> secure by default.
6.44 -> Chromium OS is driven by the fact that all
8.26 -> apps are web apps.
9.566 -> And because of that, we get a lot of interesting security
11.82 -> features that we can take advantage of.
14.72 -> Web apps are already protected from each other.
16.52 -> It's just how the internet works.
18.03 -> Every web app is on a domain and each domain can't access
20.54 -> each other without jumping through some crazy hoops.
23.12 -> And so we want that kind of default security and we get
25.61 -> that for free from the internet.
28.07 -> Now below that, we want to make sure that things that go wrong
30.42 -> when web apps do bad things, that we keep them isolated from
33.06 -> the system, and we do that with a sandbox.
35.13 -> So we make sure that all the code that's running to access
38.61 -> that external data, that runs isolated from the
40.992 -> rest of the system.
41.38 -> And we root that, and we make sure it runs into its
43.445 -> own process namespace.
45.53 -> But it's kind of not enough.
46.89 -> That just stops one part.
48.23 -> We want to do it to the whole system so we step
50.13 -> up a level, and we cover what the browser needs.
53.3 -> So we see, does the browser need to access this?
55.41 -> Does the browser need to access that?
56.85 -> If it does, we give it access, but that's it.
58.77 -> We limit it there.
59.82 -> And we do that using the same approach we use for process
62.185 -> namespacing, but we apply a bunch of other things.
64.14 -> We limit the capabilities.
65.44 -> We put it in secure no-root jails, so there's no way
68.14 -> that it can ever access superuser privileges.
70.41 -> And then as we move up, or further down into the system,
73.38 -> there are system services, and we want those isolated
75.3 -> the same way.
76.41 -> So we can use those same tricks, but we can also apply a
80.22 -> globally-aggressive mandatory access control scheme.
83.25 -> Normally, you can only do that in a very pointed fashion.
85.49 -> You can apply it to one program or another program, because
87.51 -> you know how they work.
89.58 -> But when you download something new, it doesn't work.
91.66 -> So we get around that.
93.69 -> All the things we have are known in advance, and we can
97.12 -> secure them appropriately.
98.59 -> Everything else is a web app.
100.48 -> Below the system services and below the browser is where all
103.05 -> the files are, all the files that run the browser, and all
104.955 -> the files that run those services, and all the
106.43 -> configuration data.
107.93 -> So we keep all the root files from the data, all the system
110.28 -> information on one partition.
112.08 -> And then all your data is kept encrypted on another partition.
115.29 -> That means it makes it really easy for us to
116.84 -> do system updates.
118.11 -> If we want to pull down some extra information, we can just
120.53 -> pull it down, we can apply it, and then reboot,
123.33 -> and you're good.
124.58 -> What's interesting, though, is that we use multiple
126.4 -> partitions for this.
127.41 -> We keep a system partition, and we keep a second system
129.46 -> partition, and when we download an update, we check to make
131.7 -> sure that update's authentic, and then we check what happened
134.75 -> in the original partition, and then just update the
136.74 -> other partition.
138.09 -> When everything's done, then we flip the switch, and
140.57 -> you're ready to go.
141.32 -> But if you interrupt it along the way, that's not a problem.
143.575 -> You should be OK.
145.63 -> Even though we check the signature on the auto update to
147.52 -> make sure no one's tampered with it, we should
149.06 -> really be doing more.
149.74 -> We need to make sure that the root file system hasn't been
151.82 -> changed since the last time we updated it.
153.84 -> We want to make sure that all the software we've installed
155.585 -> is exactly as it should be.
157.45 -> To do that, we look at the file system at a block level, and
159.98 -> each block has been hashed.
161.46 -> And that cryptographic hash is stored in a big binary blob at
163.85 -> the end of the file system.
165.21 -> That blob is then checked by the kernel during boot to
167.4 -> make sure that nothing has changed on the file system.
170.3 -> Checking the file system isn't enough, though.
171.97 -> We have to make sure the kernel hasn't been changed.
173.93 -> To do that, we can check it with our firmware.
175.75 -> We have custom firmware and that gives us that
177.9 -> really fast boot speed.
179.16 -> It also gives a small read-only segment, and in that read-only
181.64 -> segment, we can store a public key, and we can store useful
185.17 -> secure recovery data.
186.96 -> That key can then check anything that comes after it in
189.346 -> the boot path, and so we can make sure that any changeable
191.73 -> firmware is up-to-date and as we expect, and the
194.38 -> kernel is OK.
195.68 -> We know there are going to be bugs.
196.85 -> We can't stop everything.
198.41 -> But we can make sure that if something does happen, you
200.62 -> could reboot and you'll be safe.
202.2 -> So the secure recovery code is triggered by the
203.99 -> verified boot process.
205.31 -> If something's wrong and you need to clean your system up,
207.48 -> you can boot right into it, plug a USB stick in, and then
209.98 -> you'll know your system is in a known good state.
211.9 -> That concludes our overview of what we have in mind.
214.63 -> We know it's not perfect and there's a lot of room to
216.3 -> innovate, and we'd like your help.
217.96 -> If you're a developer, put your netbook in developer mode, and
220.21 -> come on over to chromium.org.
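The block-level root file system check described in the video (one hash per block, collected in a blob at the end of the file system and checked at boot), as an added Python example; this is not code from the video or from Chromium OS. The block size, the use of SHA-256, and the idea that the root hash over the blob is delivered to the verifier by the signed kernel are assumptions made for the example.

```python
import hashlib

BLOCK_SIZE = 4096   # verification granularity (assumed value for the example)
DIGEST_LEN = 32     # SHA-256 output size


def build_image(rootfs: bytes) -> tuple[bytes, bytes]:
    """Pad the root file system to whole blocks and append a hash blob.

    Returns (image, root_hash). The blob holds one SHA-256 per block; the
    root hash over the blob is what the verifier must obtain from a trusted
    source (assumed here to travel with the signed kernel, not the image).
    """
    padded = rootfs + b"\0" * (-len(rootfs) % BLOCK_SIZE)
    blob = b"".join(
        hashlib.sha256(padded[i:i + BLOCK_SIZE]).digest()
        for i in range(0, len(padded), BLOCK_SIZE)
    )
    return padded + blob, hashlib.sha256(blob).digest()


def verify_image(image: bytes, root_hash: bytes) -> tuple[bool, list[int]]:
    """Boot-time check: returns (blob_trusted, indices of failing blocks).

    If the trailing blob does not match root_hash, nothing it says can be
    trusted, so blob_trusted is False and no per-block verdict is given.
    """
    n_blocks = len(image) // (BLOCK_SIZE + DIGEST_LEN)
    data_len = n_blocks * BLOCK_SIZE
    data, blob = image[:data_len], image[data_len:]
    if hashlib.sha256(blob).digest() != root_hash:
        return False, []
    bad = [
        i for i in range(n_blocks)
        if hashlib.sha256(data[i * BLOCK_SIZE:(i + 1) * BLOCK_SIZE]).digest()
        != blob[i * DIGEST_LEN:(i + 1) * DIGEST_LEN]
    ]
    return True, bad


def run_demo() -> list[tuple[bool, list[int]]]:
    """Constructed sample file system (three blocks) under three conditions."""
    image, root = build_image(bytes(range(256)) * 40)
    results = [verify_image(image, root)]          # untouched: (True, [])
    flipped = bytearray(image)
    flipped[BLOCK_SIZE + 7] ^= 0x01                # one byte in block 1 changed
    results.append(verify_image(bytes(flipped), root))   # (True, [1])
    flipped[-1] ^= 0x01                            # the hash blob itself changed
    results.append(verify_image(bytes(flipped), root))   # (False, [])
    return results


if __name__ == "__main__":
    for outcome in run_demo():
        print(outcome)
```

The last case shows why the blob needs its own anchor in the boot chain: a blob stored only on the mutable partition could be rewritten along with the data it describes.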
Source: https://www.youtube.com/watch?v=A9WVmNfgjtQ