SunyIT

NCS320: Information Assurance Fundamentals Prof. Geethapriya Thamilarasu

Term Paper

Chrome OS: The Operating System for the next generation

Nothing but the net

Student: Studies: E-Mail:

Bob Sleys Network and Computer Security sleysr@sunyit.edu

Table of Contents
1 SECURITY: AN AFTERTHOUGHT OF THE COMPUTER INDUSTRY............1
1.1 COMPUTER SECURITY PAST TO PRESENT..........................................................................................1

2 CHROME OS................................................................................................................2 3 SECURITY....................................................................................................................3

3.1 BOOT-UP SECURITY HOLE............................................................................................................3 3.2 GOOGLE'S ANSWER TO THE BOOT-UP SECURITY HOLE........................................................................3 3.3 VERIFIED-BOOT.........................................................................................................................4 3.3.1 Start with a known good state......................................................................................4 3.3.2 Booting the Kernel.......................................................................................................5 3.4 SANDBOXING............................................................................................................................6 3.5 SYSTEM UPDATES......................................................................................................................7 3.6 DATA SYNCING.........................................................................................................................8

4 CHROME OS USER INTERFACE............................................................................8 5 CONCLUSION.............................................................................................................9 6 BIBLIOGRAPHY.........................................................................................................I

ii

List of Figures
Fig. 1: EEPROM..................................................................................................................5 Fig. 2: Disk Layout..............................................................................................................6 Fig. 3: Chrome Processes.....................................................................................................7 Fig. 4: Chrome Sync Preferences.........................................................................................8

List of Tables
Tab. 1: Web App replacements...........................................................................................8

Appendices

iii

List of Abbreviations and Symbols

PC BIOS OS TPM EEPROM OS Personal Computer Basic Input/Output System Operating System Trusted Platform Module Electrically Erasable Programmable Read-Only Memory Operating System

iv

1. Security: an afterthought of the computer industry

1 Security: an afterthought of the computer industry

Computer security has been an add-on or afterthought of the entire computer industry until Chrome OS. From the first operating system to the design of the internet, trust has been a given when it came to software design. For most of the history of computers, simply restricting access to the computer was all the security needed. With the advent of the internet that all changed. Even in the design of the protocols that run the internet, trust won out over security measures. In 2010 Google introduced Chrome OS and the CR-48 netbook. It is the first computer and operating system that was built with security as a primary design goal. 1.1 Computer security past to present Prior to the 1980's computers were owned by large corporations and government institutions. They were large machines taking up entire rooms. A computer was something heard about but rarely seen. In the early '80s the Personal Computer (PC), was introduced and started to make an appearance on desks. They were expensive and hard to use with little software available. Computers were generally used for a single purpose, such as word processing for administrative assistants. Security simply came down to having physical access to the machine and having the knowledge to use it. In the late '80s, the use of computers throughout the company expanded and local area networks started to connect computers together within the office. Security remained unchanged and limited to simple physical access to the machine. The '90s arrived and with it a whole new use for computers: the Internet. For the first time people were connecting computers to this new network that gave access to a vast array of information. Suddenly computers had access to far more information than could ever store on the PC itself. E-mail, web browsers and other applications that access the Internet proliferated. Computer use started to transition from software that runs on the computer to what could be accessed from the Internet. Computer security, or the lack of it became, a serious problem. For the first time simple limited physical access to the computer wasn't enough. With most computers connected to the Internet anyone anywhere could get access to the computer remotely without the owner or user ever being aware of it. A whole new industry was born out of the struggle between the bad guys (hackers) and the good guys (anti-virus vendors) over access to computers. A virtual war broke out over computer security. Viruses, worms, trojan horses and other malware spread through the Internet like wild-fire with no clear way to stop it. The hackers and other malicious users were out to steal information, identities or control of computers for other malicious intentions. Anti-virus vendors developed software intent on stopping hackers and malware from gaining control of computers. Suddenly, any minor flaw in any of the software running on a computer could mean a way for the hacker to gain access. All software got dragged into this war and

1. Security: an afterthought of the computer industry software vendors were way behind playing catch up. For years software developers got away with selling flawed software with little consequence. Software companies added new feature with little concern for minor flaws. Those flaws became security holes that gave hackers a way to gain access to computers. Next came the 2000's and computers were everywhere. People didn't play music on a portable CD-player any more but a tiny computer, an MP3 player. Cell phone replaced home and office phones and then turned into a smart phones, i.e. a pocket computer capable of running many programs. The security war escalated. By now, nearly everyone had some form of anti-virus program running on their computers but hackers still had the upper hand and remained a few steps ahead. Computer use transitioned from installed programs to running programs inside the web browser. Cloud Computing and Web Apps were born. Installing programs on the computer was no longer necessary, most work could be done right in the web browser. Computer use became more about what could be accessed or run in the web browser then what applications were installed on the PC itself. Computer use became about running one program, the web browser, no longer was it necessary to install anything else. In June '11 the computer and operating system of the next generation was officially released, Chrome OS and Chromebooks. With people using their computers for nothing but web access via a web browser, Google built an operating system that did nothing but run a web browser. This had far more ramifications than simply not allowing the user to install other programs. For the first time since the introduction of the Internet, hackers were at a disadvantage. People had an operating system, a whole PC, where security was part of its design and not an afterthought.

2 Chrome OS
Chrome OS is a new operating system developed by Google and released in June of 2011. Chrome OS differs in many ways from a traditional operating systems. First a few terms must be defined: Chrome OS The operating system developed by Google. This includes some proprietary software that requires the computer to have some special hardware. It is not available for download or purchase and can only be obtained by purchasing a ChromeBook or ChromeBox which has Chrome OS pre-installed. Chromium OS The open source project led by Google to develop Chrome OS. Chromium OS is Chrome OS without the proprietary software. Chromium OS is available for download and doesn't need any special hardware. ChromeBook A cross between a laptop and a netbook that includes Chrome OS preinstalled. ChromeBooks include all the special hardware that Chrome OS requires and adheres to Google's hardware specifactions. As of this writing ChromeBooks where available from Samsung and Acer.

2. Chrome OS ChromeBox Not yet released piece of hardware, intended to be the desktop version of the ChromeBook. Due to the specific hardware requirements of Chrome OS the terms ChromeBook and Chrome OS are often used interchangeably. In this paper, Chrome OS refers to the software and ChromeBook the hardware.

3 Security
Control of the computer starts the moment the power button is pressed. However, the operating system doesn't run when the computer starts. Computers and operating systems are two separate things. Since a computer needs an operating system, they often come bundled together. Computer retailers simply install an operating system on the computer to make it easer for the end-user. 3.1 Boot-up security hole When a computer starts, a special program built into the main board of the computer called the BIOS (Basic Input/Output System) is loaded into memory and run. The first thing the BIOS does is take inventory of the computer hardware: hard drives, video card, memory etc. Then some basic tests are run to confirm it is all in working order. The BIOS next needs to find the operating system and start it. The OS could be on a floppy disk, CD-ROM, DVD, memory stick, hard drive or any other device designated as bootable by the BIOS. Based on a priority order maintained in the BIOS the first bootable OS found is loaded into memory and run. A virus or other malware can replace the boot record information with its own code. The BIOS can not detect malware from a valid operating system. Once it is in place the malware can hide from the OS or any anti-virus program run in the OS. The only defence current operating systems have to this is to prevent the malware from infecting the system in the first place. However, one minor flaw in the OS or other program installed on the computer is all that is needed for the malware to infect the computer. This is the boot-up security hole. There are no security checks between the transfer of the BIOS to the OS. The boot-up security hole problem was escalated in September 2011 when the first BIOS level malware was discovered. 3.2 Google's answer to the boot-up security hole To fix this problem Google had to change the way computers booted. No longer could the BIOS and the OS be two totally independent entities. The BIOS has to verify the code being loaded into memory and run isn't malware. Everything must be verified before execution, this is what Google termed as Verified-Boot. 3.3 Verified-boot Verified-boot is Google's process for booting Chrome OS computers. It all starts from the moment the power button is pushed. Chrome OS first verifies the BIOS is in a known

3. Security good and unchanged state, i.e. no virus or other software has changed it. Once verified, the BIOS code is loaded and run. This process of verifying before loading and running is repeated throughout the entire boot process. 3.3.1 Start with a known good state To be able to verify code on boot-up, Chrome OS uses a Trusted Platform Module (TPM). TPM is a secure cryptoprocessor built into the motherboard capable of storing cryptographic keys. Each TPM has a unique RSA burned into it during manufacture. Chrome OS stores digital signatures of each piece of code in the TPM to verify no changes have taken place. Beginning the process presents a problem. If each piece of code needs to be verified by the prior code the security of the entire chain relies on the first link. Firmware (also known as BIOS) is stored on an EEPROM chip (Electrically Erasable Programmable Read-Only Memory), Fig. 1: EEPROM below. The EEPROM has a region of memory that can be write-protected by changing the connection of two pins on the chip. This prevents changes from being made to this portion of the chip's memory without having physical access to the chip. On the write protected portion of the EEPROM, Chrome OS stores the initial boot-up stub code that performs a minimal level of initialization and verification of the next piece of the boot code. Note a recovery firmware is also stored in this write-protected potion of the EEPROM, discussed in more detail below. Since this part of the EEPROM is write-protected, it can be trusted to be unaltered since physical access to the device is required to make changes. The writeable part of the EEPROM stores the next piece of the boot up code. Chrome OS stores two copies of this code as a backup. The backup copy can be used to continue with a normal boot in the case of corruption. Chrome OS also takes advantage of this duplication of code throughout the system to facilitate updates and recovery from failed installs or other corruption. Since the firmware is designed to load Chrome OS it can directly run the OS once the kernel is validated.

3. Security

Fig. 1: EEPROM [Firmware Boot and Recovery]

3.3.2 Booting the Kernel The file system, shown in Fig. 2: Disk Layout below, duplicates all key parts including: the partition table, kernel and root file system. Part of the boot-up process is choosing which of the two kernels to use and establishing recovery options when corruption occurs. This enables Chrome OS to recover from a corrupted or altered kernel by reverting to the backup copy. Chrome OS also uses the duplicate copies during system updates, covered in more detail below. Once the kernel is loaded, it follows the same process of verifying prior to running the rest of the OS contained in the root file system partition.

3. Security

Fig. 2: Disk Layout [Disk Format - The Chromium Projects.]

3.4

Sandboxing

When the Chrome bowser runs it doesn't run everything in the same process space. This can easily be seen by looking at the task manager (Fig. 3: Chrome Processes below) when the Chrome browser is running. Chrome runs each extension and browser tab in a separate process space. This isolates it from all the other processes. Any malicious code that might exist on a web page or in an extension doesn't have direct access to any other web page or extension. Some items on web pages are individually sandboxed such as the flash player and javascript.

3. Security

Fig. 3: Chrome Processes

3.5

System Updates

Chrome OS automatically downloads and installs updates for not only the web browser but all parts of the operating system. The whole update process happens seamlessly and invisibly. After installing an update a small green arrow is visible by the wrench icon in the web browser. Chrome OS maintains two copies of everything starting with the writeable part of the firmware on down to the OS. This allows Chrome OS to update the unused version of each copy leaving the currently running version untouched. On the next boot up the system will automatically switch to the newly installed versions and mark the earlier used versions as backups. This flip-flopping of active vs. backup allows Chrome OS to install new versions of itself without forcing the user to log off and do the install during shutdown and boot-up but also provides a back-up version if anything goes wrong. While most of the current operating systems can automatically install updates none can update the BIOS. The BIOS is updatedable on all computers, however, most users have no idea how to update it or have ever done it. Chrome OS does a firmware or BIOS update just as easily and invisibly as any other update.

4. Chrome OS User Interface

4 Chrome OS User Interface

The Chrome browser is the only user interface in Chrome OS. There is no Start button or menu of installed applications. There is nothing but the Chrome browser filling the screen, no icons, menus or desktop. Web apps and browser extensions replace installed applications. Shopping for new applications is as simple as clicking the Chrome Web Store icon on the new tab page of the browser. Installing apps is just like installing apps on a smart phone. Some Web app replacements for traditionally installed applications are listed below:
Office suite Google Docs Microsoft Office Live Zoho Accounting Picture Editing Wave accounting Outright Accounting Picnik Aviary Image Editor Tab. 1: Web App replacements docs.google.com www.officelive.com/en-us/ www.zoho.com waveaccounting.com outright.com picnik.com aviary.com

Nothing but the net does have its down sides. There is always the concern about what can be done with a Chromebook if no Internet access is available. Some apps have an offline mode including: GMail, Google Docs and games like Angry Birds. However, with WiFi and 3G built right in there arent many places that the Internet isn't accessible. 4.1 Data Syncing Chrome OS uses the Google user account system for logging in (OpenID is also planed). This not only provides a secure model for use accounting but also a cloud storage for data storage. Nearly all aspects of the browser can be synced. (Fig. 4: Chrome Sync Preferences below) Synced passwords, browser history and other information can also be encrypted.

4. Chrome OS User Interface

Fig. 4: Chrome Sync Preferences

Data syncing works with the Chrome browser running on any OS. This makes it possible to create a bookmark in a Chrome browser on a Windows machine and later open a Chromebook and have the bookmark available.

5 Conclusion
Web applications have come a long way in a few short years. Web e-mail is the notable exception. In the last few year everything from word processing to accounting to software development is now available on the Internet as a web application. The proliferation of web apps and Internet availability has made Chrome OS possible. There are still some short comings in web apps and some tasks that can't make the move to the web. The average computer user, however, will find enough to make it possible to use nothing but the net. Chrome OS tackles the security issues related to malware and provides a self-recovery process for when something does go wrong. No other OS can so easily be repaired if the worst does happen and no other OS will automatically start the process when it does. With a full-sized keyboard, a screen large enough for most tasks the form factor of the Chromebooks are just about perfect. The average user can make it though the day without plugging in due to the 6-8 hours of battery life. Tablets offer similar portability but lack a keyboard and the security features of Chrome OS. Chromebooks make it possible to create content not just content consumers. Companies and universities can migrate most of their IT support work off the desktop. They no longer need to worry about software installs or updates on the many desktop computers spread around the office. With the use of browser extensions, like the Citrix

5. Conclusion Receiver for Chromebook, users can remotely connect to legacy applications run on servers reducing IT maintenance and software licensing costs. Making the move to cloud computing and Web apps is something that older users have a harder time doing. Similar to the adoption of social networks like Facebook and Google+ living on the web will be more quickly adopted by younger users. The younger generation has an easier time trusting companies with their information. Facebook has an amazingly large database of information on each of its users that is continually being added to by each new post. Chrome OS is the operating system of the next generation. Current OS's all suffer from the same vulnerabilities and design flaws. Despite twenty years of fixes, patches and new versions, manufactures have been unable to solve the problem of malware or simple file corruption. Chrome OS doesn't just try to prevent bad things from happening but assumes it will happen and provides automatic self-recovery. Despite all the benefits of Chromebooks and Chrome OS, it will be slowly adopted by older users due to the nothing but net use model. Using nothing but the net requires the user to trust the cloud computing companies with personal information. Cloud computing and web apps are the future of computing and Chrome OS and Chromebooks are the platform for nothing but the web.

10

6 Bibliography
Disk Format - The Chromium Projects. (n.d.). The Chromium Projects. Retrieved November 16, 2011, from http://www.chromium.org/chromium-os/chromiumos-design-docs/diskformat Drewry, W., & Gwalani, S. (2011, July 29). Google Chrome Blog: Chromebook security: browsing more securely. Google Chrome Blog. Retrieved November 16, 2011, from http://chrome.blogspot.com/2011/07/chromebook-security-browsing-more.html Firmware Boot and Recovery - The Chromium Projects. (n.d.). The Chromium Projects. Retrieved November 16, 2011, from http://www.chromium.org/chromium-os/chromiumos-design-docs/firmware-boot-and-recovery Goodin, D. (2011, September 14). Malware burrows deep into computer BIOS to escape AV. The Register: Sci/Tech News for the World. Retrieved November 16, 2011, from http://www.theregister.co.uk/2011/09/14/bios_rootkit_discovered/ Reis, C. (2008, September 11). Chromium Blog: Multi-process Architecture. Chromium Blog. Retrieved November 16, 2011, from http://blog.chromium.org/2008/09/multi-process-architecture.html Sylvain, N. (2008, October 2). Chromium Blog: A new approach to browser security: the Google Chrome Sandbox. Chromium Blog. Retrieved November 16, 2011, from http://blog.chromium.org/2008/10/new-approach-to-browser-security-google.html Trusted Platform Module - Wikipedia, the free encyclopedia. (n.d.). Wikipedia, the free encyclopedia. Retrieved November 16, 2011, from http://en.wikipedia.org/wiki/Trusted_Platform_Module Verified Boot - The Chromium Projects. (n.d.). The Chromium Projects. Retrieved November 16, 2011, from http://www.chromium.org/chromium-os/chromiumos-design-docs/verified-boot