In the last year while talking to respected security-focused engineers & developers, I’ve come to fully appreciate Google’s Chrome OS design. The architecture benefited from a modern view of threat modeling and real-world attacks. For example, Trusted Platform Module (TPM) hardware chips are built into every Chromebook and deeply incorporated into the OS. The design documents go into some detail on the specific protections that TPM provides, particularly around critical encryption functions.
I also learned that Chromebook is the daily driver for many of Google’s own senior developers and security engineers. In short, the combination of the underlying Chromebook hardware with the OS architecture makes for a pretty compelling secure development environment.
It’s pretty neat to consider the possibility of pre-travel “power washing” (resetting everything clean to factory settings) on an inexpensive Chromebook and later securely restoring over the air once at my destination. Since there is a wide range in Chromebook prices, the engineering challenge here was to find something powerful enough to comfortably use exclusively for several days of coding, writing, and presenting, but also cheap enough that should it get lost/stolen/damaged, I wouldn’t lose too much sleep. The threat model here does not include recovery from physical tampering; if the machine were somehow confiscated or otherwise out of my custody, I could treat it as a burner and move on.
Interesting guide on how to turn an inexpensive Chromebook into a burner developer device safe for international travel.
I’ve used Chromebook in environments where security is a priority.
The security model is really good.
* the devices are designed not to hold much data, you’re working in the cloud over encrypted links
* the little data that is cached is encrypted anyway, you’d have to attack the OS or live RAM to get at the data
* the Linux-based OS has a good security record – you don’t often see remote websites able to break the local OS and break out of the browser process to steal data
* the basics and foundations are solid – no unknown binaries are run, for example ... try doing that with Windows / macOS
* simple minimal OS – means it is easier to manage and secure ... over-bloated software is much harder to fully understand and secure
* users don’t and can’t install stuff ... not even admin users ... admins are only admins of their Google business domains ... not admins over the local software (except those who break the Chromebooks to install their own OS).
* easy remote device kill (previously there was tying the laptop to a single domain and only valid unsuspended accounts were usable; they may now have remote wipe)
* all this kind of stuff used with the app-level controls like 2-factor auth, shared encrypted cloud data, makes for a quite secure environment overall
Trying to meet basic security objectives and apply controls to defend against the most common threats in a corporate environment with Windows/macOS is complex, expensive, error prone and needs 3rd party tools.
There is only one wish I have with Chromebook ... it is that Google Apps/Domains be configured to accept connections not just from approved users, but also approved devices... here is a blog I wrote on this…
This is a nice article, but I was actually hoping that it was going to describe a remote development environment, where the Chromebook was... just a Chromebook.
Ideally something a little more sophisticated than Vim, SSH, and screen.