Google AmbiML Open-Sources ‘KataOS’, a Secure Operating System for Embedded Machine Learning Hardware

Due to recent technological breakthroughs, the number of always-on or ambient smart gadgets has proliferated in recent years. However, these technical developments also raise concerns about the collection of private information for machine learning and other security and privacy risks. Personally identifiable data collected, such as images that can be used to recognize people’s faces and voice recordings, could be made available to malware if personal devices cannot be mathematically verified to keep the data private. There is always a risk to privacy from a compromised or hacked device, although organizations like Google have moved in this direction by developing tools like Federated Learning to help protect privacy in ML datasets.

Additionally, system security is often viewed as a software feature that can be added to current systems or patched with an additional ASIC hardware component. However, this is insufficient. Google Research’s AmbiML team set out to solve this problem by developing a proven-safe platform suitable for embedded devices that run ML applications. The team works specifically on the development of tools for ML in secure embedded environments. Announcing on the Google Open Source Blog, the company recently released KataOS, a proven security operating system based on the seL4 microkernel. In addition to KataOS, Google also makes available Sparrow, a reference version of the operating system designed for a secure hardware platform based on the RISC-V architecture.

KataOS was developed to control the security and privacy of data acquired by smart devices. The basis of this operating system is seL4, a mathematically proven secure microkernel that guarantees privacy. Due to Rust’s memory safety against one-time errors and buffer overflows, the operating system is almost entirely implemented in this language. It is conceptually impossible for programs to circumvent hardware security protections built into the kernel, and system components are additionally independently verified to be safe. KataOS is developed using the CAmkES build system and can target RISC-V or ARM architecture.

Google Research collaborated with Antmicro on the Renode simulator and related frameworks. This venture was part of Google’s Springbok development, a hardware ML accelerator based on the RISC-V architecture. The Google team was able to co-design the hardware and software of a secure embedded ML platform using the Renode simulation environment. Most core KataOS components are included in the current GitHub release, including Rust frameworks, a different root server created for system-wide dynamic memory management, and kernel changes to seL4 that can recover the memory consumed by the root server. Working with Antmicro made it possible to use Renode’s GDB debugging and simulation tools for their target hardware.

The team is also working to create Sparrow, a reference implementation for KataOS that integrates KataOS with a secure hardware platform. Sparrow contains a logically secure root of trust created with OpenTitan on a RISC-V architecture in addition to the logically secure operating system kernel. Sparrow will be fully open sourced by Google, including all software and hardware designs. However, for now, the company plans to make an early version of KataOS available on GitHub.

The Google team is pretty excited about the potential of KatosOS, although there’s still a lot to do on the current project. They look forward to community contributions that will help them build smart ambient systems with built-in security by default.

Check Article Google, Reference articleand GithubGenericName. All credit for this research goes to the researchers on this project. Also don’t forget to register. our Reddit page and discord channelwhere we share the latest AI research news, cool AI projects, and more.