Let's look at the Chrome OS Security Model, as an example of of a system that applies the principles of defense and depth, that we've been studying. This OS has lots of different security layers designed to protect against attacks. So that if one layer is compromised the others are still in effect. As we call that on the first course Chrome OS runs Linux under the hood and features a simple user interface. Most of the system interaction happens through the Chrome browser. The goal of the OS is to be a secure and simple way for the user to interact with the web. The user doesn't have administrative privileges or permission to modify the system, since the Chrome browser is running with user permissions managed by the administrator. This means that even if the browser is exploited, the system can't be tampered with. Chrome OS defaults to securing the operating system. This means that the system settings are already configured for security and the user doesn't need to take any additional action. Chrome OS turns on hardening options that are available to all Linus operating systems. But not all Linux distributions enable these options. Let's go over some other specific security features developed for Chrome OS. As we've said before, applying security updates is critical for keeping a secure infrastructure. Chrome OS tackles this problem by implementing automatic updates. As soon as an update is available, the OS downloads and installs it in the background without any user interaction. Users will be prompted to restart when updates are available. The update then goes live as soon as the machine is restarted. One of the security features of Chrome OS is called sandboxing. Each tab in a Chrome browser, as well as each of the system services runs in a separate process completely independent of the others. So, if the user visits a malicious website, most of damage that the website can do is limited to that single tab. Only the session data stored on the computer hard drive such as cookies, caches, and bookmarks is accessible to all tabs. And of course, session data created by one website is not accessible to other websites. Another important Chrome OS security feature is the automatic and easy-to-use recovery mode. When the system detects a problem either because of data corruption or an attacker tampering with the installed operating system. It will automatically enter recovery mode and help the user return the system to a working, reliable state. Powerwash is another Chrome OS security feature. It allows the user to quickly reset the machine to its factory default settings. Since all the users personal data is stored in the Cloud, this feature will delete any downloaded files, cookies, and caches stored in the hard drive of the computer. Being able to delete everything from local drives improves security, when travelling or entering other unsecure or unknown environments. But that's not all, in the next two videos, we'll cover two central security measures in Chrome OS. Verified boot, and data encryption.