Embedded OS inherently prevents tampering
KasperskyOS is a specialized operating system designed for embedded systems with strict cybersecurity requirements. By design, KasperskyOS significantly reduces the chances of “undocumented functionality” (a paraphrase for injected malfunctions as well as program flaws) and thus promises to mitigate the risk of cyberattacks. The operating system introduces a secure-by-design environment for the increasingly attacked embedded systems and IoT devices. Based on a proprietary microkernel, it utilizes established principles of security-driven development such as Separation Kernel, Reference Monitor, Multiple Independent Levels of Security and the Flux Advanced Security Kernel architecture. KasperskyOS was designed with specific industries in mind and thus not only solves security issues, but also addresses organizational and business challenges related to secure application development for embedded systems.
Andrey Doukhvalov, Head of Future Technologies and Chief Security Architect at Kaspersky Lab, comments: “The idea behind KasperskyOS emerged 15 years ago when a small team of experts discussed an approach that would make it impossible to execute undocumented functionality. Further research revealed that such a design is very hard to implement in the environment of a conventional, general-purpose operating system. To address this, we chose to build our own OS that follows the generally accepted rules of secure development, but also introduces many unique features, making it not only secure, but also relatively easy to deploy in applications where protection is needed the most”.
KasperskyOS has been designed to allow programs to execute only documented operations. Developing applications for KasperskyOS requires ‘traditional’ code to be created, as well as a strict security policy that defines all types of documented functionality. Only what is defined by this policy can be executed, including the functionality of the operating system itself. While this has been very time-consuming during the development process of the operating system, it offers a benefits for application developers: a security policy can be developed in parallel with the actual functionality. The functionality itself can in fact be tested immediately: a mistake in the code means undocumented behavior, which is blocked by the OS. Most importantly, the development of a security policy can be customized according to business needs: security can be adapted depending on the application requirements, rather than the other way around.
Andrey Nikishin, Head of Future Technologies Business Development, comments: “There is no such thing as 100% security, but KasperskyOS guarantees our customers the first 99%. Technically speaking, in a really complex environment, attempts to inject a certain code in our system cannot be successful. Our advantage is that, since any malicious operation is undocumented by the security policy, being an integral part of any application, the payload will never be executed. KasperskyOS is therefore immune from the typical cyberthreat agenda of today.”
KasperskyOS is available for OEMs, ODMs, systems integrators and software developers around the world. Successful projects have already been conducted with Russia’s system integrator Kraftway (secure network router), SYSGO (strengthened security for PikeOS real-time operating system with Kaspersky Security System) and European systems integrator BE.services (embedding KasperskyOS technology in specialized Programmable Logic Controllers). Pricing of KasperskyOS varies, depending on requirements.
More information: https://os.kaspersky.com/
Related articles:
Electronica CEO forum talks IoT security, safety
Cyber threats against cars are here to stay, experts say
If you enjoyed this article, you will like the following ones: don't miss them by subscribing to :
