Kaspersky today made avabile KasperskyOS, secure-by-design operating system based on Microkernel architecture which is specially designed for IOT and embedded devices.
It is meant to protect industrial systems and embedded devices from cyber attacks
The reason behind developing KasperskyOS is simple: Growing Internet-of-Things and embedded devices in industrial control systems (ICS) to power critical infrastructure.
It’s quite easy for most companies to get rid of the virus-infected computer, as they all need to do is unplug the infected ones from the network, according to Kaspersky.
But since industrial control systems (ICS) are usually managing critical operations or infrastructure that must be powered on all the time and can not be taken offline for even a while, the malware targeting these ICS systems is a challenging problem.
So, according to Kaspersky, the solution lies in a secure operating system with strict cyber security requirements that could help reduce the chances of undocumented functionality and thus mitigates the risk of cyber attacks targeting ICS or IoT devices.
It’s Secure, But KasperskyOS is not Linux!
This OS is not using linux kernel, instead they are using their own kernel built from scratch.
“All the popular operating systems are not designed with security in mind, so it is simpler and safer to start from the ground up and do everything correctly. Which is just what we did,” said Kaspersky.
The new OS has been designed to allow programs to execute only documented operations under its strict security policy. Only what is defined by the policy can be executed, including the functionality of the OS itself.The OS also has independent security engine that lets users enforce the policy that suits their security objectives.
Proprietary microkernel and independent security engine
KasperskyOS is based on a reliable microkernel that implements the only way of communicating. This lightweight microkernel can be implemented on various platforms. At the same time the loosely coupled security engine makes it possible to replace the in-house microkernel with another kernel if necessary.
Diverse policies enforcement
An independent security engine can enforce the policy that best matches the identified security objectives. The security policy can also be individually configured for every application in the system.
While the system is kept mostly POSIX-compatible, the use of a native API further guarantees the secure behaviour of applications. The developer can choose how to keep a proper balance between program code compatibility and security.
Mandatory identification and labelling
All applications in KasperskyOS are accompanied by their security configuration. Nobody can install an application without installing its relevant behaviour configuration. Hardware and application level resources (files, databases, network ports, etc.) are labelled with appropriate security attributes. It is impossible to access a resource that doesn’t have a security label.
Separation of application features from security functions
The security architecture is designed to separate security functions from application business logic, making both configuring security policies and developing applications easier and faster.
Security domain separation
KasperskyOS efficiently separates security domains – confined groups of applications with a restricted influence on each other. This does not preclude the possibility of interdomain communication, if explicitly allowed.