Google Unveils KataOS, A Secure OS Written in Rust

Highlights:

• The OS isn’t for desktops or phones. Instead, it’s for the Internet of Things, maybe for smart homes.
• Even though the project is still in its early stages, the GitHub repository boasts of Rust-based sel4-sys Crate add-ons that provide seL4 syscall APIs.

Google has revealed KataOS, an early venture into a new secure operating system for embedded systems on open-source RISC-V chips.

Google’s KataOS is written “almost entirely in Rust,” the programming language used by the Android Open-Source Project and the Linux kernel project.

The open-source team at Google, which is building intelligent AmbiML (ambient machine-learning) systems, explained, “KataOS is also implemented almost entirely in Rust, which provides a strong starting point for software security since it eliminates entire classes of bugs, such as off-by-one errors and buffer overflows.”

On its project GitHub page, it stressed that KataOS and the umbrella project name, Sparrow, are “works in progress.” Sparrow is an example of how KataOS is used.

Google said, “Our team in Google Research has set out to solve this problem by building a provably secure platform that’s optimized for embedded devices that run ML applications. This is an ongoing project with plenty left to do, but we’re excited to share some early details and invite others to collaborate on the platform so we can all build intelligent ambient systems that have security built-in by default.”

The OS isn’t for desktops or phones. Instead, it’s for the Internet of Things, maybe for smart homes.

The goal is to build secure systems for embedded hardware or edge devices like network-connected cameras that can be used to take pictures that are then processed for machine learning on the device or in the cloud.

The new “security-first” sel4 microkernel is being used to build the OS. It’s open source but has nothing to do with Linux or Google’s Fuchsia OS.

Data61, the digital branch of the Australian research organization CSIRO, released sel4 in 2010 as a mathematically proven correct, bug-free kernel. The Linux Foundation runs the selL4 Foundation.

Google explained, “As the foundation for this new operating system, we chose seL4 as the microkernel because it puts security front and center; it is mathematically proven secure, with guaranteed confidentiality, integrity, and availability.”

“Through the seL4 CAmkES framework, we’re also able to provide statically-defined and analyzable system components. KataOS provides a verifiably-secure platform that protects the user’s privacy because it is logically impossible for applications to breach the kernel’s hardware security protections, and the system components are verifiably secure.”

Even though the project is still in its early stages, the GitHub repository boasts Rust-based sel4-sys Crate add-ons that provide seL4 syscall APIs. It also has a root server written in Rust, which allows for dynamic system-wide memory management and changes to seL4 that will enable the root server to give back the memory it used. It also made debugging possible.

The objective is to support processors with the RISC-V architecture, which has caught the attention of NASA, Intel, and others.

Google notes, “Sparrow includes a logically-secure root of trust built with OpenTitan on a RISC-V architecture. However, for our initial release, we’re targeting a more standard 64-bit ARM platform running in simulation with QEMU.”

What will happen with KataOS is still to be seen. A few years ago, Google released its Fuchsia OS, which was also aimed at the IoT. It was running on Made by Google devices like the Nest Hub, but as noted by 9 to 5Google, recent changes to Fuchsia suggest that Google wants to make it more than just an OS for smart home devices.