November 24, 2009, 2:33 PM — Google's Chrome OS has many virtues. Based on a solid foundation of Ubuntu Linux, it uses the Chrome Web browser as its interface to any and all applications. Chrome OS is also not so much a Windows replacement, as it's an attempt to get rid of the entire traditional idea of a PC desktop. If Google is successful with this, one big reason will be its vastly improved security.
Before I go into why Chrome OS will be much more secure than Windows, I have to point out that Google has one big, honking huge security problem to fix first: it's reliance on the fatally flawed login/password model. If they can beat that problem, then Chrome is likely to be most secure 'desktop' operating system we'll have ever seen. Here's why.
First, Google accepts that it's impossible to make an absolutely secure operating system. They use a phrase to describe this design philosophy that I think every developer should have tattooed on their hands: "The perfect is the enemy of the good." In other words, Google won't waste its time on trying to find some perfect system that only exists in fantasy. Instead, Google is spending time on making the best practical security system. This is how it plays out.
1. Harden the operating system
Chrome developers are using a variety of Linux security techniques to minimize how much system access any given program will have and to reduce the number of exposed attack surfaces. In addition, Chrome OS is adopting a defense in depth (PDF Link) approach. The core idea here is that you use multiple layers of security so even if someone breaks in at one point, they're faced with yet another security barrier.
Google is using multiple methods to harden Chrome, but I'm going to glance at just two here. One, namespaces (PDF Link) is rather old. The other, cgroups (Control Groups), is quite new, but the pair have similar goals. In each, the idea is to isolate a hierarchical collection of tasks, cgroups, or a set of processes, and process trees, namespaces, from unlimited access to the system.