Professional Documents
Culture Documents
Chrome Operating System
Chrome Operating System
UNIT: OPERTING
PAPER TITLE:
“PATHFINDER”
By
K. CLASS :2019CSCS1A
ADM NO:2019CS135018
SUBMITTED TO
LECTURER: MR. OKIDIA YONA
DATE: 28TH JUNE 2019
Abstract
Due to the increase nature of computer threats and attacks, the security of the operating system is
paramount in the computing world today. Every modern computer system, from network servers,
workstation desktops, to laptops and hand-held devices, has a core piece of software, called operating
system (OS) executed on the top of a bare machine of hardware that allocates the basic resources of
the system and supervises the execution of all applications within the system. This paper investigates
and evaluates the security of Google Chrome Operating System. Google Chrome Operating system is
an operating system developed by google, which runs on specialized hardware. The Chrome OS differ
from traditional operating system such as Windows in that it is designed to work specifically with web
applications. In this operating system, the user data lives essentially on the web. Thus, if the physical
machine-laptop is lost or stolen, the user can still access their data online. However, the Chromebook
also allows users to access downloaded data offline, which must be kept safe. To achieve this, Chrome
OS ensures that all downloaded data is protected and that code running on this Chromebook is safe to
use. In order to avoid security challenges of traditional operating system such as virus and worms,
Chromebook not only ensures that the code is safe, but also incorporates an auto update features to
add new patches to the system.
Keywords: architecture, Security, Google Chrome, Web, Operating System, Chrome OS,
cloud, Linux, open source. Cloud computing, netbook
I am extremely grateful and remain indebted to lecturer Mr. Okidia for being a source of inspiration
and for his constant support in the Design, implementation and evaluation of the term paper. The
constant constructive criticism and invaluable suggestion, which benefited me a lot while
developing the Term paper on “Chrome Operating System”.
Last but not the least, I would like to thank my family, my classmates and my friends, for giving all
the things that needed to me at the first place and supporting me intellectually spiritually throughout
my entire period of preparing this Paper.
What is a Netbook?
Netbooks (sometimes also called mini notebooks or ultra-portables) are a branch of subnotebooks, a
rapidly evolving category of small, lightweight, and inexpensive laptop computers suited for general
computing and accessing Web-based applications; they are often marketed as "companion devices",
i.e. At their inception in late 2007 — as smaller notebooks optimized for low weight and low cost —
netbooks omitted certain features, featured smaller screens and keyboards, and offered reduced
specification and computing power. Over the course of their evolution, netbooks have ranged in size
from below 5" screen diagonal to over 11.6". A typical weight is 1 kg. Often significantly less
expensive than other laptops, by mid-2009, some wireless data carriers began to offer netbooks to
users "free of charge", with an extended service contract purchase.
History
Chrome OS's origins are unclear. Jeff Nelson, a former Google engineer, claimed to have developed
the original technology, code named "Google OS", described as "a webapp-centric chopped-down
Linux with a Chrome browser front-end". As proof, Nelson cited a patent filed by Google in March
2009, listing Nelson as the inventor, entitled "Network-based Operating System Across Devices". In
a discussion on Google+ in February 2013, Nelson wrote that by the end of 2007, after a series of
meetings, he and a product manager had convinced "management to launch the Chrome OS project
and assign head count". Other Google employees disputed his claim, including Antoine Labour, who
was one of the three original engineers on the Chrome OS project. Labour wrote in the February
2013 Google+ discussion that he had never heard of Nelson, and that Nelson's work on a Linux
distribution "based on the concept of running off of a ram disk" has "pretty much nothing to do with
Google developers began coding the operating system in 2009, inspired by the growing popularity
and lower-power consumption of netbooks, and the realization that these small laptops had gotten
their name from their primary use: accessing the Internet. To ascertain demand for an operating
system focused on netbook Web transactions, the company eschewed the usual demographic
research generally associated with a large software development project. Instead, engineers have
relied on more informal metrics, including monitoring the usage patterns of some 200 Chrome OS
machines used by Google employees. Developers also noted their own usage patterns. Matthew
Papakipos, engineering director for the Chrome OS project, put three machines in his house and
found himself logging in for brief sessions: to make a single search query or send a short email.
User interface
Design goals for Google Chrome OS's user interface include using minimal screen space by
combining applications and standard Web pages into a single tab strip, rather than separating the
two. Designers are considering a reduced window management scheme that would operate only in
full- screen mode. Secondary tasks would be handled with "panels": floating windows that dock to
the bottom of the screen for tasks like chat and music players. Split screens are also under
consideration for viewing two pieces of content side-by-side. Google Chrome OS will follow the
Chrome browser's practice of leveraging HTML5's offline modes, background processing, and
notifications. Designers propose using search and pinned tabs as a way to quickly locate and access
applications.
In June 2010, Google software engineer Gary Kačmarčík wrote that Chrome OS will access remote
applications through a technology unofficially called "Chromoting", which would resemble
Microsoft's Remote Desktop Connection.
New window manager and graphics engine
On April 10, 2012, a new build of Chrome OS offered a choice between the original full-screen
window interface and overlapping, re-sizable windows, such as found on Microsoft Windows and
Apple's Mac OS X. The feature was implemented through the Ash window manager, which runs
atop the Aura hardware-accelerated graphics engine. The April 2012 upgrade also included the
ability to display smaller, overlapping browser windows, each with its own translucent tabs, browser
tabs that can be "torn" and dragged to new positions or merged with another tab strip, and a mouse-
enabled shortcut list across the bottom of the screen. One icon on the task bar shows a list of
installed apps and bookmarks. Writing in CNET, Stephen Shankland argued that with overlapping
windows, "Google is anchoring itself into the past" as both iOS and Microsoft's Metro interface are
largely or entirely full-screen. Even so, "Chrome OS already is different enough that it's best to
preserve any familiarity that can be preserved".
Hardware Support
Google Chrome OS is initially intended for secondary devices like netbooks, not a user's primary
PC, and will run on hardware incorporating an x86 or ARM. While Chrome OS will support hard
disk drives, Google has requested that its hardware partners use solid-state drives due to their higher
performance and reliability, as well as the lower capacity requirements inherent in an operating
system that accesses applications and most user data on remote servers. Google Chrome OS
consumes one- sixtieth as much drive space as Windows 7.
Companies developing hardware for the operating system include Hewlett-Packard, Acer, Adobe,
Asus, Lenovo, Texas Instruments, Freescale, Intel, Samsung Australia and Qualcomm.
In December 2009, Michael Arrington of TechCrunch reported that Google has approached at least
one hardware manufacturer about building a Google-branded Chrome OS netbook. According to
Arrington's sources, the devices could possibly be configured for mobile broadband and be
subsidized by one or more carriers.
Printing
Google Cloud Print is a Google service that helps any application on any device to print on any
printer. While the cloud provides virtually any connected device with information access, the task of
"developing and maintaining print subsystems for every combination of hardware and operating
system – from desktops to netbooks to mobile devices – simply isn't feasible. “However, the cloud
service would entail installing a piece of software, called a proxy.
Link handling
One unresolved design problem related to both Chrome OS and the Chrome browser is the desired
behavior for how Web applications handle specific link types. For example, if a JPEG is opened in
Chrome or on a Chrome OS device, should a specific Web application be automatically opened to
view it, and if so, which one? Similarly, if a user clicks on a .doc file, which website should open:
Office Live, Gview, or a previewing utility? Project director Matthew Papakipos noted that
Windows developers have faced the same fundamental problem: "Quicktime is fighting with
Windows Media Player, which is fighting with Chrome". As the number of Web applications
increases, the same problem arises.
Security
In March 2010, Google software security engineer Will Drewry discussed Chrome OS security.
Drewry described Chrome OS as a "hardened" operating system featuring auto-updating and
sandbox features that will reduce malware exposure. He said that Chrome OS netbooks will be
shipped with Trusted Platform Module (TPM), and include both a "trusted bootpath" and a physical
switch under the battery compartment that actuates a developer mode. That mode drops some
specialized security functions but increases developer flexibility. Drewry also emphasized that the
open source nature of the operating system will contribute greatly to its security by allowing
constant developer feedback.
Shell access
Chrome OS includes the Chrome Shell, or "crosh", which offers minimal functionality such as ping
and SSH, but no Bash-like shell abilities. In developer mode, a full-featured Bash shell can be opened
via VT-2, and is also accessible via the crosh command "shell".
Release channels and updates
Chrome OS uses the same release system as Google Chrome: there are three distinct channels:
Stable, Beta, and Developer preview (called the "Dev" channel). The stable channel will be updated
with features and fixes once they have been thoroughly tested in the Beta channel, and the Beta
channel will be updated roughly monthly with stable and complete features from the Developer
channel. The Developer channel is where ideas get tested, and sometimes fail, and can be very
PART TWO:
Internal Design
User Applications
The Google Chrome Operating System’s architecture can be divided up into four separate layers. The
first is the User Application’s layer. Applications are written mainly in Java Based such as JVM, Java
servlets, JavaScript and Ruby. Applications run in The Sandbox which provides a protective
environment which does not rely on the Hardware Layer, instead it provides an abstraction that does
not care for the hardware specifics. Applications such as Chrome Browser, Chrome Web Store,
Gmail, Games, Google Calendar, Google Maps, Google Play Music, Netflix, and YouTube all come
standard when on Chromebooks and Chrome boxes
Operating System Services
The operating system offers services to programs and the user whom are executing the programs.
The services that are offered can be broken down into six main categories.
User Interface
Google Chrome Operating System offers both the Command Line Interface and the Graphical User
Interface. The Command Line Interface allows the user to enter input through the keyboard as text
commands. The Graphical User Interface is a windowing system with a touchpad/mouse that allows
the user to enter I/O, virtually touch software, and enter input through the keyboard.
PART THREE:
I/O OPERATIONS
Many Programs often have the need for I/O, where I/O devices or files are involved. For these
devices, specific functions are often needed such as burning a disk. Because I/O devices are
normally not accessible to the user, for both security reasons and from a productivity viewpoint,
they are handled by The Google Chrome Operating System.
PROCESS MANAGEMENT
The Process Scheduler
The Process Scheduler’s purpose it to control process access to the CPU. Operating systems use a
variety of types of schedulers to do so. The Google Chrome Operating System uses the Completely
Fair Scheduler. This scheduler is designed to balance or maintain fairness, by splitting up processor
time to tasks. To do this the scheduler uses a virtual runtime to keep track of the length of time
provided to task at hand. This way the task that has been permitted the least amount of time to the
processor, becomes the task that needs the processor the most.
MEMORY MANAGEMENT
The Memory Manager
The Memory Manager, of The Google Chrome Operating System ’s, purpose is to control process
access to the hardware’s memory components. The Memory Manager is able to do so by using a
hardware memory management system which supports mapping to occur from the process memory
identifying code to the systems memory. This allows processes to all access main memory at the
same time.
The Virtual File System
The goal of the VFS is to provide a generic format of hardware data to other devices on the system.
The VFS of The Google Chrome Operating System provides an abstraction of most hardware
devices in the machine and puts the abstraction in a common file interface for that rest of the devices
on the machine can interpret. The Virtual File System also supports other file system formats that
are associated with other operating systems such as Windows.
Inter-process Communication
This is an essential subsystem of the Google Chrome Operating Systems. Inter-process
Communication inhibits process to process communication running on the same machine. This is
important if a process uses another process in order to function.
CPU Scheduling
The Google Chrome Operating System runs the Linux 3.4.6 kernel which utilizes the Completely
Fair Scheduler. The goal of the Completely Fair Scheduler is to ensure fairness. This is done by
allowing processes an equal share of the Central Processing Unit. For example, the process that has
had the least amount of time with the CPU needs the CPU the most. In order for the Completely Fair
Scheduler to maintain balance, the scheduler keeps track of the amount of time each process has had
with the CPU using a virtual runtime. The Completely Fair Scheduler uses a red black tree to sort by
time. The red black tree is ideal for the scheduler, for red black trees only allow the furthest node to
be one level lower. In addition, red black trees big O time is O (log n) allowing for fast operations.
The Completely Fair Scheduler also allows for group scheduling. Group scheduling ensures that in
situations where tasks spawn other tasks, each single task is ensured their own virtual runtime rather
than treating tasks uniformly.
Security
While the Google Chrome Operating System is by default more secure than most operating systems
due to its constant update on each boot it also utilizes Sandbox to maintain security. Sandbox is able
to provide security by only allowing programs to run that are not going to alter unauthorized areas of
the operating system, machine, or private information. The Sandbox was designed for user mode
only. This means that the user does not need to be a super user in order to use the Sandbox. The
Sandbox is configured into two separate processes. The first is the broker process. In Chrome OS the
broker is solely the browser process. The broker can be viewed as an administrator that dictates the
Sandboxes processes. The broker has a variety of jobs such as housing Sandbox policy engine
service, interception manager, and IPC service, creating target process, determine policy for all
target processes, and execute the policy allowed actions for the target process. The target process in
the Chrome OS is the renderers. The target projects job is to house all the data that is to be executed
in the Sandbox as well as the Sandboxes client-side architecture. Such as the IPC client, policy
System Boot
On most operating systems, once powered on the firmware searches for components inside the
computer, or externally, and initializes them one at a time, followed by a splash screen that displays
the laptop maker. After the firmware finishes it will load the bootstrap loader which locates and
retrieves a program that will boot from the hard drive to intern load the kernel. The kernel searches
for all components once more and initializes them. Next another splash screen will display the
operating system whether it is Windows, Mac, Linux, etc. After all this the user is finally able to
login. Upon startup, all startup applications will then start further slowing down the system such as
antivirus software. Finally, the user is able to login (again) to the web browser. In Chrome OS the
boot process has been made much faster by eliminating all unnecessary procedures. Since the
Chromebook has been designed exclusively for Chrome OS the firmware does not have to search for
components, it already knows what is in it. Next it does not check to see if there is a CD, DVD, or
USB inserted in the machine thus eliminating more time. Initializing hardware is slow; therefore, it
has been moved from the firmware to the kernel which stops multiple devices from powering on
during startup. Furthermore, all splash screens have been eliminated as they are unnecessary. There
is no bootloader, therefore, we jump straight to the kernel. There are no startup applications other
than the browser, so no waiting for normal start up applications. Finally, since it already knows your
Google Account there is no need to login. By replacing the outdate HDD with a much faster SSD,
there are no moving parts, which eliminates the time wasted by waiting for a needle to move to the
correct location. In turn Google Chrome OS can often boot in under five seconds.
Event Handling
Device drivers that can be found in the kernel perform event handling as well as interrupts. Once the
kernel has been alerted, the application that is waiting for that particular event or interrupts receives
notification. The parts that are doing the event handling are not aware of any time constraints to
execute the procedure. While not an issue with event handling, it becomes an issue when interrupts
are involved. On a Chrome OS machine such as a Chromebook, interrupts are first priority. This can
cause problems when a task with first priority is cut off by another interrupt. Since the system does
not know for sure when this scenario can happen, there is often setbacks.
Cloud Storage
Chromebooks and Chrome boxes both come with 100GB of cloud storage that Google offers for
free as an incentive to sell these machines. The reason Google is able to offer their Samsung
20 | P a g OS TERM PAPER BY KARL IAN karlkibet@gmail.co
version of
Current Research
When first introduce the Google Chrome Operating System’s interface was a Chrome web window
allowing for no way to exit out of the window. Chrome OS’s most recent update was their Aura
Shell. Aura gives the advantage of a traditional desktop feel that is familiar with most Windows,
Mac, and Ubuntu users. Icons for applications can be found on the bottom which Google has named
“shelf”, which will feel very familiar to Window’s taskbar. In addition, the newest version of
chrome now allows for multiple windows rather than multiple tabs inside the Google Chrome and
Chrome boxes will also become cheaper in the near future due to a variety of factors. The first
reason is that companies such as HP, Dell, and Asus will soon be in on the action instead of
Samsung being the only producer. The competition while drive the price down in order to sell the
company’s product. Next prices on hardware will continue to go down due to the fact that
Chromebooks do not need the latest and greatest hardware to be proficient. As Intel continues to
release its 3rd and 4th generation i3, i5, i7 processors, the price will go down for their older Pentium
processors. In addition, Solid State Drives price per GB is dropping much faster than the Hard Disk
Drive ever has. Finally, Sergey Brin has said that Chrome OS and Android, Google’s highly
successful mobile operating system, will eventually combine to form one universal operating
system. Android dominates the mobile phone operating system market with nearly three out of every
four phones is an Android.
22 | P a g OS TERM PAPER BY KARL IAN karlkibet@gmail.co
23 | P a g OS TERM PAPER BY KARL IAN karlkibet@gmail.co
Market implications
When Google announced the Chrome browser in September 2008 it was viewed as a continuation of
the battle between Google and Microsoft ("the two giants of the digital revolution"). As of
December 2009, Microsoft dominates the usage share of desktop operating systems and the software
market in word processing and spreadsheet applications. The operating system dominance may be
challenged directly by Google Chrome OS, and the application dominance indirectly through a shift
to cloud computing. According to an analysis by PC World, Google Chrome OS represents the next
step in this battle. But Chrome OS engineering director Matthew Papakipos has noted that the two
operating systems will not fully overlap in functionality. Users should be aware that Chrome OS
hosted on a netbook is not intended as a substitute for Microsoft Windows running on a
conventional laptop, which has the computational power to run a resource-intensive program like
Photoshop.
In November 2009, Glyn Moody, writing for Linux Journal, predicted that Google's market model
for the Chrome OS will be to give the software and the netbook hardware that it will run on away for
free, as a means of expanding its advertising-based model. He said: "The unexpected success of
netbooks over the last two years shows there is a market for this new kind of computing; giving
away systems for free would take it to the next level. Then, gradually, that instant-on, secure,
secondary netbook might become the one you spend most time on, and Google's ad revenues would
climb even higher. "
Relationship to Android
The successive introductions of Android and Google Chrome OS, both open source, client-based
operating systems, have created some market confusion, especially with Android's growing success.
Microsoft CEO Steve Ballmer accused Google of not being able to make up their mind. [ Google has
downplayed this conflict, suggesting that the two operating systems address different markets,
mobile and personal computing, which remain distinct despite the growing convergence of the
devices. Co- founder Sergey Brin suggested that the two systems "will likely converge over time".
Related Work:
Google Chrome OS is a new project, separate from Android. Android was designed from the
beginning to work across a variety of devices from phones to set-top boxes to netbooks. Google
Chrome OS is being created for people who spend most of their time on the web, and is being
designed to power computers ranging from small netbooks to full-size desktop systems. While there
are areas where Google Chrome OS and Android overlap, Google believes choice will drive
innovation for the benefit of everyone, including Google.
Google Chrome OS is an open source, lightweight operating system that will initially be targeted at
netbooks. Later this year Google will open-source its code, and netbooks running Google Chrome
OS will be available for consumers in the second half of 2010. Because Google's already talking to
partners about the project, and it'll soon be working with the open source community, Google
wanted to share our vision now so everyone understands what we are trying to achieve.
Google has a lot of work to do, and Google’s definitely going to need a lot of help from the open
source community to accomplish this vision.
High-level design
We'll look at each component, starting with the firmware.
4.1 Firmware
The firmware plays a key part to make booting the OS faster and more secure. To achieve this goal
we are removing unnecessary components and adding support for verifying each step in the boot
process. We are also adding support for system recovery into the firmware itself. We can avoid
the complexity that's in most PC firmware because we don't have to be backwards compatible
with a large amount of legacy hardware. For example, we don't have to probe for floppy drives.
Our firmware will implement the following functionality:
System recovery: The recovery firmware can re-install Chromium OS in the event that the
system has become corrupt or compromised.
Verified boot: Each time the system boots, Chromium OS verifies that the firmware, kernel,
and system image have not been tampered with or become corrupt. This process starts in the
firmware.
Fast boot: We have improved boot performance by removing a lot of complexity that is
normally found in PC firmware.
D-Bus: The browser uses D-Bus to interact with the rest of the system. Examples of this include the
battery meter and network picker.
Connection Manager: Provides a common API for interacting with the network devices, provides a
DNS proxy, and manages network services for 3G, wireless, and ethernet.
Auto update: Our auto update daemon silently installs new system images.
Power Management: (ACPI on Intel) Handles power management events like closing the lid or
pushing the power button.
Firmware
1. Incomplete update: An update of the firmware is interrupted. This leaves the portion of the
firmware which was being updated in an unknown or corrupt state. For example, if the update is
interrupted after a firmware block is erased but before it is reprogrammed, that block is empty.
2. Attack: An attacker compromises the software and is able to reprogram the firmware. For
example, an exploit of an unpatched kernel vulnerability. In this case, both the main and backup
firmware may be compromised.
3. Corruption: The EEPROM holding the firmware becomes corrupted in the sectors containing
writable/updatable firmware.
Software
1. Incomplete update: An update of the software on the drive is interrupted. This leaves the rootfs
partition in an unknown state.
2. Attack: An attacker compromises the software and is able to rewrite the data on the drive (rootfs
or partition table).
3. Malicious user: A malicious user installs developer mode onto the device, leaving behind a
trojan, then returns the device.
4. Corruption: The drive becomes corrupted in the partition table or rootfs partition.
5. Crash: Device crashes on boot due to bad software. For example, the device is updated with the
wrong image. This prevents the normal auto update process from running.
It is desirable for the recovery instructions and/or recovery URL to include a code for the device
model. This allows the destination website to:
It is desirable for the warning screen to have a timeout, so that Chromium OS devices with
developer images can be used in unattended applications (for example, as a media server). The
timeout should be sufficiently long that a user can read and respond to it - for example, at least 30
seconds.
Since language settings will not be available at this stage of the boot process, any messaging will
likely need to be internationalized and displayed in all possible la
Partitions
A drive currently contains up to four partitions:
One partition for state resident on the drive (user's home directory/Chromium profile, logs,
etc.)—called the "stateful partition."
An optional swap partitions.
Two partitions for the root file system.
In the future, drives may be able to have more partitions, as needed. Because we can use extended
partitions, we aren't limited to four partitions.
Root file system
Only one of the two partitions designated for the root file system will be in use at a given time. The
other will be used for auto updating and for a fallback if the current partition fails to boot.
While a partition is in use as the boot partition, it's read-only until the next boot. Not even the auto
updater will edit the currently-booted root file system. We will mount the stateful partition read-
Open issue: For a boot to count as successful, does the user have to successfully log in? Does the
OS have to successfully ping the update server?
Once a system has booted successfully, we consider the other root partition to be available for
overwriting with an auto update.
Limiting the number of boot attempts
An updated partition can attempt to boot only a limited number of times; if it doesn't boot
successfully after a couple of attempts, then the system goes back to booting from the other
partition. The number of attempts is limited as follows:
When a partition has successfully been updated, it's assigned a remaining attempts value, probably
1 or 2. This value will be stored in the partition table next to the bootable flag (there are some
unused bits that the boot loader can use for its own purposes). The boot loader will examine all
partitions in the system; if it finds any partition that has a remaining attempts value > 0, it will
decrement remaining attempts and then attempt to boot from that partition. If the
Boot fails, then this process repeats.
If no partitions have a remaining attempts value > 0, the boot loader will boot from a partition
marked bootable, as a traditional boot loader would.
Open issue: What's the initial value for remaining attempts?
Boot Sequence
Simple benchmarks indicate that dm-crypt can perform many operations at approximately the same
speed and power cost as the system does without encryption. It's when sustained reads and writes
occur that more and more CPU is used. A test with a heavy, sustained write resulted in the same
battery discharge rate as the heavy writing used without encryption, but the encrypted large write
took about twice as long to complete.
In most use cases, disk encryption isn't noticeable. If AES acceleration reaches additional
processors, then the impact will be even lower. .
Directory structure
All metadata for this feature will live under the /home/. shadow directory. Each user will have a
subdirectory with a name based on the user name hash. That directory will contain all data related to
that user's image on the machine.For example:
/home/.shadow/da39a3ee5e6b4b0d3255bfef95601890afd80709/image
/home/.shadow/da39a3ee5e6b4b0d3255bfef95601890afd80709/salt.0
/home/.shadow/da39a3ee5e6b4b0d3255bfef95601890afd80709/key.0
o The owner can opt in to a mode where anyone with a Google account can log in.
Incognito mode
o Users can initiate a completely stateless session, which does not sync or cache data.
REFERENCE
1. www.chromium.org/chromium-os
2. www.wikipedia.com
3. www.inforamationweeklyanalytics.com