Kaspersky has officially launched KasperskyOS, a secure operating system for network devices, industrial control systems, and the IoT.
Kaspersky says that its new OS introduces a secure-by-design environment for the increasingly attacked embedded systems and IoT devices. The OS is based on a new, developed entirely in-house microkernel and utilizes well-established principles of security-driven development such as Separation Kernel, Reference Monitor, Multiple Independent Levels of Security and the Flux Advanced Security Kernel architecture.
Andrey Doukhvalov, Head of Future Technologies and Chief Security Architect at Kaspersky Lab, comments: "The idea behind KasperskyOS emerged 15 years ago when a small team of experts discussed an approach that would make it impossible to execute undocumented functionality. Further research revealed that such a design is very hard to implement in the environment of a conventional, general-purpose operating system. To address this we chose build our own OS that follows the universally embraced rules of secure development, but also introduces many unique features, making it not only secure, but also relatively easy to deploy in applications where protection is needed the most".
KasperskyOS has been designed to allow programs to execute only documented operations. Developing applications for KasperskyOS requires 'traditional' code to be created, as well as a strict security policy that defines all types of documented functionality. Only what is defined by this policy can be executed, including the functionality of the operating system itself. Such an approach proved to be very time-consuming during the KasperskyOS development process, but for application developers it offers a certain benefit: a security policy can be developed in parallel with the actual functionality. The functionality itself can in fact be immediately tested: a mistake in the code means undocumented behavior, which is blocked by the OS. Most importantly, the development of a security policy can be customized according to business needs: security can be adapted depending on the application requirements, rather than the other way around.
KasperskyOS is not a general-purpose operating system. It is designed for, and meets the requirements of, embedded devices and is aimed at three key industries: telecommunication, automotive and industrial. In addition, Kaspersky Lab is also developing deployment packages for the financial industry (security of POS-terminals and thin client PS) and the security enhancement of critical operations for general-purpose Linux-based systems and endpoints in particular. Ease of deployment is achieved with three packages implementing certain features of KasperskyOS.
KasperskyOS can be used as base on which to build devices like network routers, IP cameras or IoT controllers.
KasperskyOS is available for OEMs, ODMs, systems integrators and software developers around the world.