Google Aims for Secure "Ambient Machine Learning" with Rust-Based KataOS, Sparrow Platform
New OS project is built atop the seL4 microkernel and targeting a secured RISC-V hardware platform with an OpenTitan hardware root-of-trust.
Google has announced the beginnings of an effort to open source a secure operating system, dubbed KataOS, along with a reference implementation called Sparrow — offering what the company claims is a "provably secure platform" for "ambient machine learning."
"Unfortunately, system security is often treated as a software feature that can be added to existing systems or solved with an extra piece of ASIC [Application Specific Integrated Circuit] hardware — this generally is not good enough," Google's research arm explains of its project. "Our team in Google Research has set out to solve this problem by building a provably secure platform that's optimized for embedded devices that run ML applications."
Described by its creators as an "ongoing project with plenty left to do," KataOS is built around the seL4 microkernel and the CAmkES component framework, and is, Google says, implemented "almost entirely in Rust," a choice intended to rule out the memory-safety bugs, such as off-by-one errors and buffer overflows, that an implementation in C or C++ would invite.
KataOS also forms the software half of Sparrow, a reference implementation that pairs the operating system with a secured hardware platform. Google has confirmed that this hardware will be based on OpenTitan, the open source silicon root-of-trust built on a RISC-V architecture, though the initial release instead targets a "more standard 64-bit Arm platform" running in simulation under QEMU.
"Our goal is to open source all of Sparrow, including all hardware and software designs. For now, we're just getting started with an early release of KataOS on GitHub," Google's researchers explain. "So this is just the beginning, and we hope you will join us in building a future where intelligent ambient ML systems are always trustworthy."
The KataOS source code is now available in the AmbiML GitHub repository under the permissive Apache 2.0 license. The release includes what Google describes as "most of the KataOS core pieces," but not yet the planned ability to dynamically load and run third-party applications built with the CAmkES framework, which the company hopes to publish "in the near future."