KasperskyOS

Many modern computer systems – including systems that form part of critical infrastructure, the internet of things and machine-to-machine communication – have specific security objectives related to their features and special aspects of their use.
To achieve these objectives, the system needs to implement an appropriate security policy, and that policy needs to be firmly enforced. Security experts agree that strict enforcement of a proper security policy plays the key role in securing a system. But if the issue is just a matter of policy, why are systems still insecure?
General-purpose operating systems cannot conform to the precise security policies of each critical application, because general-purpose solutions are designed to be flexible and versatile, not to be secure by nature. A special-purpose system, by contrast, is likely to implement its specified policy with some guarantees.
There is a gap in the market for products that implement diverse security policies for systems requiring security assurance. KasperskyOS aims to close this gap by providing a high-assurance secure platform which is capable of enforcing any given policy for different critical applications.

Purpose

KasperskyOS aims to protect software and data systems from the consequences of intrusion by malicious code, viruses and hacker attacks. These can provoke harmful behavior in any part of the system, potentially resulting in loss or leakage of sensitive data, reduced performance and denial of service. In addition, it reduces the risk of harm caused by program bugs, unintentional mistakes or premeditated abuse. KasperskyOS creates an environment where a vulnerability or bad code is no longer a big deal. The Kaspersky Security System (KSS) protection component controls interactions across the whole system, rendering the exploitation of vulnerabilities useless.

Advantages

Proprietary microkernel and independent security engine

KasperskyOS is based on a reliable microkernel that implements the sole means of inter-process communication. This lightweight microkernel can be used on various platforms. At the same time, the loosely coupled security engine makes it possible to replace the in-house microkernel with another kernel if necessary.

Multi-level compatibility

While the system is kept mostly POSIX compatible, the use of a native API further guarantees the secure behavior of applications. The developer can choose how to keep a proper balance between program code compatibility and security.

Mandatory identification and labeling

All applications in KasperskyOS are accompanied by their security configuration. Nobody can install an application without installing its relevant behavior configuration. Hardware and application-level resources (files, databases, network ports, etc.) are labelled with appropriate security attributes. It is impossible to access a resource that doesn’t have a security label.

Modular design

A modular approach to system design minimizes the footprint of the trusted base and makes it possible to build each individual solution on a case-by-case basis.

Secure architecture of applications

Application design is based on a component model that makes secure development easy and elegant.

Easy-to-configure policies

IPC types and a simple configuration language make it easy to define the rules of interprocess communication and access control.

Verifiability

Strict adherence to security concepts in system design and implementation makes it possible to verify the security of all solutions based on KasperskyOS.

Initially secure system

KasperskyOS is designed with security in mind and remains secure during its whole lifecycle.

Features

Security principles

Most operating systems consider security a matter of separating and controlling access to system resources. Unlike those operating systems, KasperskyOS extends this scope with capabilities to specify and enforce solution-specific security properties.

  • μKernel. The kernel contains only the minimal amount of code necessary to make kernel mechanisms work, providing more control over the quality of the OS code.
  • Strong isolation. The system guarantees isolation of security domains and separation of security features from functional components.
  • Unified inter-process communication (IPC) mechanism. The microkernel provides a single IPC mechanism.
  • Explicitly defined typed interfaces. Every service must statically declare all provided interfaces. KSS verifies the correctness of all IPC messages according to interface declaration.
  • Static security configuration. All processes and their permitted types of communication are preconfigured and checked before they run.
  • Complete mediation. The microkernel intercepts all inter-process communications and checks with Kaspersky Security System (KSS). KSS calculates access decisions based on the security configuration.
  • Default deny. Any action that is not preconfigured in the security policies is denied by default.
  • User-space device drivers. Drivers are isolated from each other, from the microkernel and from applications; because drivers run as unprivileged code, an error in one driver will not affect the rest of the system. Driver access to physical devices can be restricted.

Trusted components in an untrusted environment

One of the main aims of KasperskyOS is to bring security to a complex system using the minimum amount of trusted components. With KasperskyOS, a complex system can be divided into a set of isolated entities or components. Secure critical functions can be placed in separate simple components with a low attack surface that are easy to verify. Only a bare minimum set of functions is considered to be trusted, while other components are not trusted and may contain problems and vulnerabilities of some kind. By means of KasperskyOS and KSS, security properties are defined and enforced for the whole system. Even if a vulnerability is exploited in one of the untrusted components, it doesn’t influence the whole solution and doesn’t damage critical functions.

KasperskyOS compatibility

KasperskyOS applications can use the ISO/IEC 9899:1999 (C99) standard library and/or a POSIX compatibility layer. The PSE51 and PSE52 profiles of POSIX 1003.13 are fully supported. The POSIX 1003.1 standard is also partially supported, the most notable limitation being the absence of process control primitives (such as fork() and exec()).

Kaspersky Secure Hypervisor supports unmodified guest Linux and Windows operating systems on top of KasperskyOS on platforms supporting hardware virtualization. Applications running inside guest operating systems may have access to native KasperskyOS message passing primitives, which allows the business logic between secure native KasperskyOS applications and rich guest OS applications to be decoupled.

Kaspersky Security System

One of the most important KasperskyOS components is Kaspersky Security System (KSS), a security policy verdict computation engine that can work simultaneously with different types of security policies (role-based and mandatory access control, temporal logic, control flow, type enforcement, etc.) and can be customized to meet a client’s needs. The more precise the policies, the more control and security are afforded to the entire system.

Kaspersky Security System is based on the principle of isolating the security component from the information system’s functional components. This ensures the system’s secure operation regardless of the way its functional components are implemented, making it possible to build trusted systems using untrusted components. As a result, the security policy can be modified without changing any functional components. KSS is about more than just malware protection; it also prevents common violations of security rules. The solution adds security without harming production safety.

Technical requirements

  • CPU requirements: Memory Management Unit; IOMMU (SDMA for ARM) is strongly recommended for reliable isolation of hardware resources.
  • Supported architectures: x86, x86_64, ARMv5, ARMv7, ARMv8 and MIPS32.
  • Tested hardware platforms: Intel Generic and Atom CPUs, NXP i.MX6 (Solo, Duo and Quad), NXP i.MX27, TI Sitara AM335x, TI Sitara AM43xx, HiSilicon Kirin620, MIPS24k.
  • Minimum RAM size is solution specific. Recommended RAM size is 128 MB.

Implementation

  • Enterprise systems
  • Special-purpose computer systems
  • The Internet of things
  • Smart grids
  • Industrial systems
  • Telecommunications equipment
  • Transportation systems
  • Critical infrastructure

Patents

US 7386885 B1, US 7730535 B1, US 8370918 B1, EP 2575318 A1, US 8522008 B2, US 20130333018 A1, US 8381282 B1, EP 2575317 A1, US 8370922 B1, EP 2575319 A1, US 9015797 B1, DE 202014104595 U1.