So, using both techniques, when an application runs on Chrome its processes gets only as much access to the operating system as it needs to do its job. In each, the idea is to isolate a hierarchical collection of tasks, cgroups, or a set of processes, and process trees, namespaces, from unlimited access to the system. The other, cgroups ( Control Groups), is quite new, but the pair have similar goals. One, namespaces (PDF Link) is rather old. Google is using multiple methods to harden Chrome, but I'm going to glance at just two here.
The core idea here is that you use multiple layers of security so even if someone breaks in at one point, they're faced with yet another security barrier. In addition, Chrome OS is adopting a defense in depth (PDF Link) approach.
This is how it plays out.Ĭhrome developers are using a variety of Linux security techniques to minimize how much system access any given program will have and to reduce the number of exposed attack surfaces. Instead, Google is spending time on making the best practical security system. They use a phrase to describe this design philosophy that I think every developer should have tattooed on their hands: "The perfect is the enemy of the good." In other words, Google won't waste its time on trying to find some perfect system that only exists in fantasy. First, Google accepts that it's impossible to make an absolutely secure operating system.
0 kommentar(er)
