The internet of things is a new paradigm that is changing the world before our very eyes. It could make our world safer, improve our health, save us time and money, reduce waste and add a new dimension to production control and life in general.
The IoT concept encompasses a huge variety of appliances, gadgets, technologies, software and communication protocols. This heterogeneous environment generates lots of security risks that could seriously hamper any aspect of our life related to the IoT.
Our aim is to make the most of the IoT’s undoubted benefits, while minimizing the associated risks.
The key pillar of built-in security for IoT is a proper security policy. Due to the diversity of IoT applications, security policy enforcement mechanisms must be:
KasperskyOS helps to address the issue of cybersecurity for internet-of-things devices, while minimizing the time required to develop security features.
One of the most important KasperskyOS components is Kaspersky Security System (KSS) – a versatile security engine making it possible to define and check custom security policy for IoT applications. Kaspersky Security System is based on the principle of isolating the security component from the information system’s functional components. This ensures the system’s secure operation regardless of the way its functional components are implemented, making it possible to build trusted systems using untrusted components. As a result, the security policy can be modified without changing any functional components. KSS supports the combining of different security models, including the ability to use basic and specialized policies at the same time. KSS is about more than just malware protection; it also prevents common violations of security rules. The solution adds security without harming production safety. Kaspersky Security System is embedded in the firmware of IoT devices, computing security verdicts that are defined and configured by the manufacturer.
KasperskyOS is secure by design and we intend to keep it that way by using the best practices of software development.
Building the system based on loosely coupled modules helps minimize the amount of trusted code and tailor each solution to specific needs.
The component-based approach to creating secure applications makes developing them relatively easy and convenient, helping reduce the amount of time needed to take new products to market.
Well-designed configuration tools make it easy to create declarative rule definitions and combinations of rules to control interactions in the system.
The security architecture is designed to separate security functions from application business logic, making both configuring security policies and developing applications easier.
KasperskyOS is a reliable platform for embedded systems that have special cybersecurity requirements.
Secure Storage is a key-value database with a simple interface, suitable for storing important configuration parameters.
Every parameter in the database is associated with its own security attributes.
A security policy can be applied to get/set a particular parameter based on its security attributes. It is also possible to specify a security policy for the whole configuration update that ensures individual parameter updates are aligned with each other.
KSS uses secure storage to store security policy parameters. Storage can also be used by any application in a system and a security policy has fine-grained control over which application can use which parameters.
One of the most important services of the Internet for things platform is the service of secure device firmware update. Kaspersky Secure Updater is a technology that ensures two important elements of the secure software update. Firstly, it guarantees that an update isn’t compromised and wasn’t modified during the transfer. This is done using different cryptography methods. Secondly, the component ensures the update process makes minimal use of trusted code, significantly reducing the attack surface. The security of most of the Updater is not that important because if these pieces of code are compromised, an attacker is still unable to bypass the updater and secure boot security mechanisms and embed a malware into the firmware.
Another important element is the Kaspersky Secure Audit technology, which allows to save security events in a special storage using blockchain mechanisms and guarantee the integrity and authenticity of these records. If the record is falsified, the operator will be able to unequivocally tell before which record the log is authentic and when a change has occurred.
US 7386885 B1, US 7730535 B1, US 8370918 B1, EP 2575318 A1, US 8522008 B2, US 20130333018 A1, US 8381282 B1, EP 2575317 A1, US 8370922 B1, EP 2575319 A1, US 9015797 B1, DE 202014104595 U1.