KasperskyOS is a specialised operating system designed for embedded systems with strict cybersecurity requirements. By design, KasperskyOS significantly reduces the chances of undocumented functionality and thus mitigates the risk of cyberattacks. A massive undertaking that has taken Kaspersky Lab’s best talent 15 years to create, KasperskyOS is now commercially available to OEMs, ODMs, systems integrators and software developers around the world. Key implementations of the operating system are tailored for the telecoms and automotive industries as well as critical infrastructure.
KasperskyOS introduces a secure-by-design environment for the ever-growing and increasingly attacked embedded systems and IoT devices. In a modern connected world where rich IoT devices are used by consumers, utilised in critical infrastructure and control many aspects of our everyday life, the demand for a strong security approach is higher than ever. Based on a new microkernel developed entirely in-house, KasperskyOS utilises well-established principles of security-driven development such as Separation Kernel, Reference Monitor, Multiple Independent Levels of Security and the Flux Advanced Security Kernel architecture. KasperskyOS was designed with specific industries in mind and thus not only solves security issues, but also addresses organisational and business challenges related to secure application development for embedded systems.
Andrey Doukhvalov, Head of Future Technologies and Chief Security Architect at Kaspersky Lab, comments: “The idea behind KasperskyOS emerged 15 years ago when a small team of experts discussed an approach that would make it impossible to execute undocumented functionality. Further research revealed that such a design is very hard to implement in the environment of a conventional, general-purpose operating system. To address this we chose to build our own OS that follows the universally embraced rules of secure development, but also introduces many unique features, making it not only secure, but also relatively easy to deploy in applications where protection is needed the most”.
Eugene Kaspersky, Chairman and CEO of Kaspersky Lab, comments: “Our OS started way back in the days when viruses were the most serious cybersecurity problem – long before complex attacks on industrial systems emerged and there was total dependence on computer systems in every aspect of our lives. Back then, the concept of ‘security without limits’ was certainly not on the agenda of the growing IT crowd. We understood from the very beginning that designing our own operating system would be a huge undertaking – a project that would require vast resources for many years before it could be commercialised. Today we see clear demand for strengthened security in critical infrastructure, telecoms and the finance industry, as well as in both consumer and industrial IoT devices. In the beginning it was a risky investment that no other security vendor had the courage to conduct. But today, thanks to our efforts, we have a product that provides the maximum possible level of immunity against cyberattacks – a product based on principles that can be verified independently”.
KasperskyOS has been designed to allow programs to execute only documented operations. Developing applications for KasperskyOS requires ‘traditional’ code to be created, as well as a strict security policy that defines all types of documented functionality. Only what is defined by this policy can be executed, including the functionality of the operating system itself. Such an approach proved to be very time-consuming during the KasperskyOS development process, but for application developers it offers a certain benefit: a security policy can be developed in parallel with the actual functionality. The functionality itself can in fact be immediately tested: a mistake in the code means undocumented behaviour, which is blocked by the OS. Most importantly, the development of a security policy can be customised according to business needs: security can be adapted depending on the application requirements, rather than the other way around.
Andrey Nikishin, Head of Future Technologies Business Development, comments: “There is no such thing as 100 per cent security, but KasperskyOS guarantees our customers the first 99 per cent. Technically speaking, in a really complex environment, attempts to inject a certain code in our system cannot be successful. Our advantage is that, since any malicious operation is undocumented by the security policy, being an integral part of any application, the payload will never be executed. KasperskyOS is therefore immune from the typical cyberthreat agenda of today.”
The deployment flexibility
KasperskyOS is not a general-purpose operating system. It is designed for, and meets the requirements of, embedded devices and is aimed at three key industries: telecommunication, automotive and industrial. In addition, Kaspersky Lab is also developing deployment packages for the financial industry (security of POS terminals and thin client PCs) and for the security enhancement of critical operations on general-purpose Linux-based systems, endpoints in particular. Ease of deployment is achieved with three packages, each implementing certain features of KasperskyOS.
KasperskyOS itself offers maximum security, although its requirements bring an extra challenge to a customer’s development process. It can be used as a base on which to build devices like network routers, IP cameras or IoT controllers. It addresses the needs of the telecom industry, critical infrastructure applications and the emerging development of the Internet of Things.
At a slightly reduced cost, Kaspersky Secure Hypervisor makes it possible to execute applications with strict control over how they communicate with each other. It addresses the needs of telecoms and the automotive industry, and can also be used for general security purposes, up to the secure operation of endpoints.
Kaspersky Security System brings enforced security to conventional operating systems as well as other embedded and real-time OS with minimal development overheads.
KasperskyOS is available for OEMs, ODMs, systems integrators and software developers around the world. Successful projects have already been conducted with Russia’s systems integrator Kraftway (secure network router), SYSGO (strengthened security for the PikeOS real-time operating system with Kaspersky Security System) and European systems integrator BE.services (embedding KasperskyOS technology in specialised Programmable Logic Controllers). Because each KasperskyOS project is unique and tailored to the customer, pricing varies depending on requirements. More information about KasperskyOS, Kaspersky Secure Hypervisor and Kaspersky Security System, as well as contact information for potential customers, is available on a dedicated website. Technical background information is available in this detailed article at Securelist.com.