Kaspersky Security System is a security policy verdict computation engine capable of working simultaneously with different types of security policies (role-based and mandatory access control, temporal logic, control flow, type enforcement, etc.) and can be customized to meet a client’s needs. The more precise the policies, the more control and security afforded the entire system. KSS can be used together with KasperskyOS (the most secure configuration) as well as in a Linux-based solution (secure actions in an unsecure system).
Linux-based operating systems are widely used in embedded systems. Embedded Linux can be found in consumer electronics, in-vehicle infotainment and wireless routers, in industrial automation, the flight software on spacecraft, medical equipment and even on smartphones and tablets. There are dozens of vendors offering specialized versions of Linux for embedded devices. Existing security extensions like SELinux or AppArmor are normally designed for very general use and not always suited for embedded solutions due to being:
Kaspersky offers a method, the means, and a set of practices intended for the reuse and composition of existing software components, resulting in a secure embedded solution that fulfils a variety of needs.
What does KSS for Linux do?
Isolation of Linux containers and control of communications between them.
Redesign of application architecture only.
Works on all Linux versions with containerization support.
The need for remote maintenance and reconfiguration of the embedded solution may force the developer to give extensive privileges to processes that are intended for the appropriate changing of system settings. In the worst case scenario, the reconfiguration functionality is built into the application itself. This sort of design may result in the total compromise of the application and the system itself due to either misuse of reconfiguration functions or exploitation of vulnerabilities in code that is running with excessive privileges.
There is a design solution for this problem that does not require significant effort. It is better to implement remote device reconfiguration using a special isolated agent in the system environment. Any adjustment of the rights for all processes in this environment should be in line with the principle of least privilege. Enforcement of an explicitly defined reconfiguration policy should be provided by mechanisms that are independent of the configured process itself, and this policy should be based on the ‘default deny’ principle. Of course, KSS for Linux implements this design solution.
Although vendors of embedded systems are continuously improving the quality of their code and strengthening the design of new software solutions, legacy applications are still widely used in industrial automation, transportation, energy supply, and other critical domains. Important components that cannot be replaced in the near future and that may threaten the system due to their insecurity, must be isolated and supplied with external hardening measures.
For instance, these measures may include authentication of users and requests, encryption of external connections, request filtering, checking digital signatures for downloaded binaries, and other mechanisms not previously implemented. Kaspersky Security System facilitates the proper integration of legacy components with security services, working as the reference monitor for their interconnection.
Sometimes it is essential that applications running in different predefined modes do not interfere with each other. For example, diagnostic procedures with a physically connected tester must not interfere with remote requests to the equipment under diagnosis. Diagnostic information must not be shared with the remotely connected party.
This non-interference can be achieved by implementing security policies. The enforcement engine may block execution of the application in a particular mode if it does not satisfy the conditions set by the policy. Usually, this policy is specific to a system. The support for flexible security policies and configurations provided by KSS for Linux is very useful in this respect.
The use cases listed above are not isolated scenarios. What is common to all of them is the idea of proper component isolation and control of their communications with a designated mechanism. They can be successfully combined to fit objectives that are more complex. KSS for Linux allows the control of both external and internal communications, which is very important when components of different sensitivity and trust levels intercommunicate.
Kaspersky Security System integrated with Linux is used as a base for:
US 7386885 B1, US 7730535 B1, US 8370918 B1, EP 2575318 A1, US 8522008 B2, US 20130333018 A1, US 8381282 B1, EP 2575317 A1, US 8370922 B1, EP 2575319 A1, US 9015797 B1, DE 202014104595 U1.