2. 2
CONTENTS
• WHAT IS AN OPERATING SYSTEM?
• CURRENT SCENARIO
• CHROME OS:INTERNET OS
• ORIGIN
• CHROME OS:IN DEPTH
• FURTHER DEVELOPMENT
• ADVANTAGES
• LIMITATIONS
• CONCLUSION
• REFERENCES
3. 3
• Program designed to
run other programs.
• Main Roles :
1. IO management
2. Processor management
3. File management
4. Memory management
WHAT IS AN OPERATING SYSTEM?
4. 4
CURRENT SCENARIO
Market Position in Terms of OS
• Until now 58 stable standard
OS released.
• Most of them have GUI and
Network connectivity.
• Windows Operating Systems
share most of the Market.
5. 5
Tim O’Reilly defines:
‘simply use our facilities, and
the complexity will go away’
thing is Internet OS. [1]
• An OS designed by Google
to work exclusively with
web applications.
• Extension of Chrome
Browser and Android.
• It is an open source,
lightweight OS.
• First OS dedicated to
Internet.
CHROME OS:INTERNET OS
7. 7
ORIGIN
•Google developers began coding the operating system in 2009.
[2]
•To ascertain marketing requirements for an OS focused on
netbook Web transactions, Google did not do the usual
demographic research generally associated with a large software
development project.[2]
• Instead, engineers relied on more informal metrics, including
monitoring the usage patterns of some 200 Chrome OS
machines used by Google employees.[2]
8. 8
ORIGIN
•Inspired by the growing popularity and lower power
consumption of netbooks and the focus of these small
laptops on Internet access.
•Based on the Google Chrome Browser.
9. 9
CHROME OS:IN DEPTH
•GENERAL
I. SOFTWARE ARCHITECTURE
•SECURITY
I. SECURITY OVERVIEW
II. PROTECTING CACHED USER DATA
•FIRMWARE
I. FAST BOOT
II. VERIFIED BOOT
III. SECURE BOOT
•PLATFORM
I. FILE SYSTEM AUTO UPDATE
10. 10
SOFTWARE ARCHITECTURE
Chromium OS consists of three major components:
1.The Chromium-based browser and the window manager. [3]
2.System-level software and user-land services: the kernel, drivers, connection
manager, and so on. [3]
3.Firmware . [3]
11. 11
SOFTWARE ARCHITECTURE
FIRMWARE
Implements the following functionalities:-
System recovery: Re-install OS in adverse conditions. [3]
Verified boot: Each time the system boots, Chromium OS verifies different
components. [3]
Fast boot: Improved Boot performance. [3]
13. 13
SECURITY OVERVIEW
•Chromium OS has been designed from the ground up with
security in mind.
•Security is not a one-time effort, but rather an iterative
process that must be focused on for the life of the operating
system. [4]
•The goal is that, should either the operating system or the
user detect that the system has been compromised, an update
can be initiated, and—after a reboot—the system will have
been returned to a known good state. [4]
14. 14
SECURITY OVERVIEW
SECURE AUTOUPDATE
•Signed updates are downloaded over SSL. [4]
•Version numbers of updates can't go backwards. [4]
•The integrity of each update is verified on subsequent boot,
using Verified Boot. [4]
15. 15
SECURITY OVERVIEW
VERIFIED BOOT
•Verified boot provides a means of getting cryptographic
assurances that the Linux kernel, non-volatile system memory,
and the partition table are untampered with when the system
starts up. [4]
1.Firmware-based verification
2.Kernel-based verification
16. 16
SECURITY OVERVIEW
• Applications have permission
same as user.
• Can communicate with each
other easily.
• Web application have limited
permission.
• They are treated as untrusted
apps and run in Encapsulated
environment.
Traditional OS Chrome OS
17. 17
SECURITY OVERVIEW
BROWSER SANDBOX
•To help defend against an attacker who exploits a vulnerability
in the rendering engine, Chromium runs each rendering engine
in a sandbox. [5]
•This sandbox restricts the rendering engine's process from
issuing some system calls that could help the attacker reach the
goals. [5]
18. 18
SECURITY OVERVIEW
FUTURE WORK
Biometrics
•Google is keeping an eye on biometric authentication technologies
as they continue to become cheaper and more reliable, but at this
time they believe cost/reliability tradeoffs is not where it needs to be
for the target users. [4]
• They expect these devices to be covered in their users' fingerprints,
so a low-cost fingerprint scanner could actually increase the
likelihood of compromise. [4]
•They were able to break into one device that used facial recognition
authentication software just by holding it up to the user's photo. [4]
19. 19
PROTECTING CACHED USER DATA
•Chromium OS devices are intended to be both portable and
safely shared. As a result, privacy protection for user data
stored on the local disk is a requirement for a Chromium-based
OS. [6]
•Privacy protection for user data stored on a local disk is
accomplished via system-level encryption of users' home
directories. [6]
20. 20
PROTECTING CACHED USER DATA
•Chromium OS uses the eCryptfs stacked file system with per-
user vault directories and keysets to separate and protect each
user’s cached data. [6]
•Cache data is Encrypted using image file per user which is
locked and encrypted. [6]
24. 24
VERIFIED BOOT
•It starts with a read-only portion of firmware, which only
executes the next chunk of boot code after verification. [9]
•Ensures that all executed code comes from the Chromium OS
source tree, rather than from an attacker or corruption. [9]
•Focused on stopping the opportunistic attacker.
• It uses stored cryptographic hashes and may be compatible
with any trusted kernel. [9]
29. 29
VERIFIED BOOT
• Digital Signatures are provided for every firmware update
• If malware found System recovers itself to clean image
30. 30
SECURE BOOT
•Only Chrome OS BIOS will implement secure boot from first
power-on. [10]
•Portions of the firmware are read-only, forming the basis of
trust to validate the read/write portions of the firmware. [10]
•Once the firmware has been validated, boot process is
continued by reading the kernel from the disk. [10]
31. 31
SECURE BOOT
Selecting the kernel
•There are at least two kernel partitions, to support
autoupdate and accidental corruption. [10]
•Each kernel partition is paired with a rootfs partition; kernel A
should only boot rootfs A, kernel B should only boot rootfs B,
etc. [10]
•Using a Google-supplied library (in
src/platform/vboot_reference/firmware), the BIOS searches
the GPT to find the Chrome OS kernel with the highest Priority
value and then runs the following checks on it:
32. 32
SECURE BOOT
1.Check that (Successful Boot Flag == 1) or (Tries Remaining > 0).
2.If Successful Boot Flag == & Tries Remaining == 0, lower the Priority to 0 and
find the next kernel. This was a kernel that failed its last boot try.
3.Check the kernel signature header. If it’s invalid, and (Tries Remaining > 0),
set Tries Remaining = Priority = 0 and find the next kernel.
4.Begin copying the kernel blob into RAM.
5.Check the kernel blob signature as it’s copied. If it’s invalid, set Priority = 0
and find the next kernel.
6.If Tries Remaining > 0, decrement the Tries Remaining value in the partition
table.
7.Invoke the bootstub, which then launches the kernel.
If no valid kernel is found, we can’t boot this device.
34. 34
FILE SYSTEM AUTO-UPDATE
•The autoupdate mechanism aims to provide seamless and
secure updates to the latest version of Chromium OS without
user interaction. [11]
•Updates usually come in the form of deltas which are
downloaded to a backup boot partition. Upon reboot, the
backup partition becomes the primary. [11]
•In case there is a problem with the update, the system can
revert to using the previous partition. [11]
38. 38
FURTHER DEVELOPMENT
• Open Source project named ‘Chromium’
started .
• Open Source Communities are adding code
to Chromium
• Google Developers and Open Source
Developers are working on same tree for
betterment of OS
• Google is working with OEM to make
Chrome OS machines available in market at
the end of this year
• Expected that Chrome OS and Android will
converge together
39. 39
ADVANTAGES
•Free, Open Source : Lots of opportunity for developers
•One of the main advantages of Chrome OS over its
competitors, primarily, would be the system requirements.
•Low hardware cost.
•Record time of about 6-7 seconds to load the OS.
40. 40
LIMITATIONS
•The OS is designed to specifically target the Internet
generation so it won't be as successful in the short term.
•Users wont be able to use it unless they have access to high
speed internet.
• If there are problems with connection, Chrome OS becomes
virtually helpless.
• Most data of the user not stored on local drives but in the
cloud that is in the network.
41. 41
Is the world ready for Web OS?
•Back in 1995, Netscape cofounder Marc Andreessen predicted
that his fledgling Web browser would one day render Windows
obsolete. [12]
•Fifteen years later, Netscape is long gone, and the traditional
desktop OS remains firmly established on most personal
computers. [12]
•A Web OS offers enormous promise, potentially, it could take
the best of the Web combining it with the advantages of
desktop applications & sidestep many of the security &
compatibility issues currently plaguing desktop OS’s. [12]
42. 42
Is the world ready for Web OS?
•As Web sites take advantage of improved client side
technologies, browsers must cope with a growing range of
performance, reliability, and security issues. [12]
•With various netbooks running Google’s Chrome OS, user
interaction will take place through a browser or Web-based
applications. [12]
•As developers take advantage of these emerging technologies
to craft Web-based experiences across a growing range of
devices, the traditional OS will likely continue to recede from
users’ awareness and perhaps eventually disappear
altogether. [12]
43. 43
References
[1] Tim O'Reilly,The State of the Internet Operating System
.[Online].Available: http://radar.oreilly.com/2010/03/state-of-internet-
operating-system.html,March 29, 2010. [Accessed: Sept. 5, 2012].
[2] Google,Releasing the Chromium OS open source project.
[Online].Available: http://googleblog.blogspot.in/2009/11/releasing-
chromium-os-open-source.html, November 20, 2009. [Accessed: Sept. 2,
2012].
[3] Google,Software Architecture. [Online]. Available:
http://www.chromium.org/chromium-os/chromiumos-design-
docs/software-architecture. [Accessed: Sept. 11, 2012].
[4] Google, Security Overview. [Online]. Available:
http://www.chromium.org/chromium-os/chromiumos-design-
docs/security-overview. [Accessed: Sept. 12, 2012].
44. 44
References
[5] Barth, A. Jackson, C. Reis, C., and the Google
Chrome team, The Security Architecture of the Chromium
Browser.
[Online].Available:http://seclab.stanford.edu/websec/chromium/,May
2008.[Accessed: Sept.1, 2012]
[6] Google, Protecting Cached User Data . [Online]. Available:
http://www.chromium.org/chromium-os/chromiumos-design-
docs/protecting-cached-user-data. [Accessed: Sept.11 , 2012].
[7] Martin Bligh, Software Engineer, Chromium OS Fast
Boot [Video].Available: http://www.youtube.com/watch?v=mTFfl7AjNfI.
Nov 18, 2009.
[8] Will Drewry, Security Engineer, Chromium OS Security[Video].Available:
http://www.youtube.com/watch?v=A9WVmNfgjtQ.
Nov 18, 2009.
45. 45
References
[9]Google, Verified Boot.[Online].Available:
http://www.chromium.org/chromium-os/chromiumos-design-
docs/verified-boot. [Accessed: Sept. 12, 2012].
[10] Google, Disk Format. [Online]. Available:
http://www.chromium.org/chromium-os/chromiumos-design-docs/disk-
format. [Accessed: Sept. 13, 2012].
[11] Google, File System/Autoupdate. [Online]. Available:
http://www.chromium.org/chromium-os/chromiumos-design-
docs/filesystem-autoupdate. [Accessed: Sept. 13, 2012].
[12] Alex Wright, "Ready for a Web OS?“,communications of the acm, vol.
52, no. 12, pp.16-17, Dec 2009. [Online]. Available: ACM Digital
Library, Available: http://dl.acm.org/citation.cfm?id=1610260. [Accessed
Sept.2, 2012].
An operating system ( OS ) is a collection of software that manages computer hardware resources and provides common services for computer programs . The operating system is a vital component of the system software in a computer system. Application programs require an operating system to function.
Tim O'Reilly (born June 6, 1954) is the founder of O’Reilly media and a supporter of the free software and open source movements
System-level and user-land software D-Bus: to interact with the rest of the system. Example,battery meter and network picker. Connection Manager: Provides a common API for interacting with the network devices, provides a DNS proxy, and manages network services for 3G, wireless, and ethernet. WPA Supplicant: Used to connect to wireless networks. Autoupdate: Our autoupdate daemon silently installs new system images. Power Management: (ACPI on Intel) Handles power management events like closing the lid or pushing the power button. Standard Linux services: NTP, syslog, and cron. the kernel is the main component of most computer operating systems ; it is a bridge between applications and the actual data processing done at the hardware level. The kernel's responsibilities include managing the system's resources (the communication between hardware and software components). [1] .
firmware is the combination of persistent memory and program code and data stored in it
The window manager is responsible for handling the user's interaction with multiple client windows
Attacks against the autoupdate process are likely to be executed by a dedicated adversary who would subvert networking infrastructure to inject a fake autoupdate with malicious code inside it Secure Sockets Layer ( SSL ), are cryptographic protocols that provide communication security over the Internet . [1] TLS and SSL encrypt the segments of network connections at the Application Layer for the Transport Layer , using asymmetric cryptography for key exchange, symmetric encryption for confidentiality, and message authentication codes for message integrity.
Firmware-based verification Read-only firmware checks writable firmware with a permanently stored key. If verification fails, the user can either bypass checking or boot to a safe recovery mode. Kernel-based verification (for details, see the Verified Boot design document) This approach extends authenticity and integrity guarantees to files and metadata on the root file system.
Firmware-based verification Read-only firmware checks writable firmware with a permanently stored key. If verification fails, the user can either bypass checking or boot to a safe recovery mode. Kernel-based verification (for details, see the Verified Boot design document) This approach extends authenticity and integrity guarantees to files and metadata on the root file system.
A web browser engine , (sometimes called layout engine or rendering engine ), is a software component that takes marked up content (such as HTML , XML , image files, etc.) and formatting information (such as CSS , XSL , etc.) and displays the formatted content on the screen
eCryptfs is a cryptographic stacked Linux filesystem. eCryptfs stores cryptographic metadata in the header of each file written, so that encrypted files can be copied between hosts; the file will be decrypted with the proper key in the Linux kernel keyring. There is no need to keep track of any additional information aside from what is already in the encrypted file itself
Firmware-based verification Read-only firmware checks writable firmware with a permanently stored key. If verification fails, the user can either bypass checking or boot to a safe recovery mode. Kernel-based verification (for details, see the Verified Boot design document) This approach extends authenticity and integrity guarantees to files and metadata on the root file system.
GUID Partition Table ( GPT ) is a standard for the layout of the partition table on a physical hard disk the Basic Input/Output System (BIOS) , also known as the system BIOS A globally unique identifier ( GUID )is a unique reference number used as an identifier in computer software.
GUID Partition Table ( GPT ) is a standard for the layout of the partition table on a physical hard disk the Basic Input/Output System (BIOS) , also known as the system BIOS A globally unique identifier ( GUID )is a unique reference number used as an identifier in computer software.
deltas (i.e. only the parts of the system that changed are downloaded)
ORIGINA EQUIP. MANUFACTURERS like redhat,debian,ubuntu
The lack of offline support is a huge disadvantage You will always need to use google account to use the netbook.
Best of the Web—the rapid deployment and updating of new applications, device independence, and the ease and convenience with which large communities can collaborate and share Information desktop applications—operating at machine speed,rich and interactive interfaces, and access to local hardware—
But even if the traditional OS sticks around in some form for years to come, it may not matter much to anyone except developers.