Google has announced the launch of the KataOS operating system. The goal of this system is to provide a secure platform for embedded devices. A growing number of smart devices collect and process information from their environment, and according to Google, these devices are more susceptible to security issues. Thus, there is a need for a simple solution: a verifiably secure system for embedded hardware. If the devices around us cannot be mathematically proven to keep data safe, then the data they collect can be vulnerable to outside attacks. This means the images, voice recordings, videos and other data can be stolen by malware. This is the reason why Google had to introduce KataOS.
According to reports, KataOS has chosen seL4 as its microkernel. seL4 is proven to be secure, with confidentiality, integrity and availability guarantees, so users can be certain of protection. Through the seL4 CAmkES framework, KataOS is also able to provide statically defined and analyzable system components. KataOS provides a verifiably secure system. It protects user privacy, as it is logically impossible for applications to violate the kernel’s hardware security protections. In addition, the system modules are verifiably secure. Furthermore, KataOS is implemented almost entirely in Rust, a language that eliminates entire classes of bugs, such as off-by-one bugs and buffer overflows.
The early version of Google’s KataOS has been open-sourced on GitHub. This includes most of the core modules of KataOS:
- Frameworks for Rust (e.g. sel4 syscall, which provides the seL4 syscall API)
- Alternate rootserver written in Rust (required for dynamic system-wide memory management)
- seL4 kernel modifications to reclaim memory used by the rootserver
KataOS runs third-party apps
Google is also working with Antmicro. The collaboration will enable GDB debugging and emulation via Renode for the target hardware. Internally, KataOS is also able to load and run third-party applications dynamically, including applications that are built outside of the CAmkES framework. Currently, the code on GitHub does not contain the modules needed to run these apps. However, Google hopes to release this functionality in the near future.
Google has also built a reference implementation for KataOS called Sparrow. The purpose of Sparrow is to fully demonstrate the secure environment system by combining KataOS with a secure hardware platform. In addition to the secure operating system kernel, Sparrow includes a clearly secure root of trust built with OpenTitan on the RISC-V architecture. However, for the initial release of KataOS, Google is aiming to use QEMU emulation, which it will use to run a more standard 64-bit ARM system.