80 likes | 271 Views
Chromium OS. Chase Rogers. User Interface. Unobtrusive Use small amount of screen space Combine apps and web pages into one tab strip Floating Windows Search as a primary form of navigation Web applications with the functionality of desktop applications. Architecture. 3 Major Components
E N D
Chromium OS Chase Rogers
User Interface Unobtrusive Use small amount of screen space Combine apps and web pages into one tab strip Floating Windows Search as a primary form of navigation Web applications with the functionality of desktop applications
Architecture • 3 Major Components • Chromium-based browser and window manager • System-level software and user-land services • Firmware • Kernel-mostly stock • Patched to improve boot performance • Only services that are absolutely critical are running
Designed to make booting faster and more secure • Implements: • System recovery: The recovery firmware can re-install Chromium OS in the even that the system has become corrupt or compromised. • Verified boot: Each time the system boots, Chromium OS verifies that the firmware, kernel, and system image have not been tampered with or become corrupt. This process starts in the firmware. • Fast boot: Improved boot performance by removing a lot of complexity that is normally found in PC firmware.
Security • Four principals • The perfect is the enemy of the good • Deploy defenses in depth • Make devices secure by default • Don’t scapegoat users
Perfect is the enemy of the good • No security solution is ever perfect • Mistakes will be made • There will be unforeseen interactions • Cannot let this prevent the release of something very good • Deploy defenses in depth • Use variety of defenses to act as stumbling blocks for the attacker • Assume the attacker will still get in • Have another layer of defenses in place to prevent turning a user account compromise into a root or kernel exploit • Prevent attacker from adding an account, installing services, or re-compromising system after reboot
Make it secure by default • Being safe is not an advanced or optional feature. • Advantage of knowing which software should be running on the device at all times • Better able to deploy solutions that leave the user’s machine humming along nicely • Don’t scapegoat users • People assess their risk all the time • It is difficult to make accurate judgments about one’s level of risk • It is not the users’ fault • Require users to only make decisions about things they comprehend • Fail-safe is they don’t understand a choice and just want to click and make it go away