Cyber Immunity

A key element of secure smart IT systems of the future
Cyber Immunity
At the heart of KasperskyOS is an immunity-based approach that enables the creation of IT systems capable of performing their functions in an aggressive environment without additional (applied) security features.

Our entire lives are bound up with gadgets, devices and a variety of smart systems. It’s hard to imagine the modern economy, for example, without a huge number of computers, office IT networks, industrial machines and automated control systems.

Most intelligent systems today are designed without security being considered a primary goal. The use of vulnerable software in cyber-physical systems, which are multiplying, creates a situation where cyberthreats increasingly endanger the safety of humans in the physical world. Kaspersky decided to change this: our specialists created a concept for designing IT systems with “innate” immunity.

We call this a Cyber Immune approach. Cyber Immunity can help create IT systems that are inherently secure and safe. An information system can be said to be immune when most types of cyberattacks directed at it prove ineffective and cannot impact the key functions envisioned during the design phase.

Cyber Immunity will ensure reliable and predictable operation of information systems by minimizing the risks of cyber incidents and related accidents. The concept of Cyber Immunity implies that the risk of entire classes of cyberattacks will be eliminated: they can no longer affect a system’s ability to execute its functions.

The benefits of Cyber Immunity solutions for IT infrastructures with high information security requirements (heavy industry, transportation, energy supplies, etc.) are inextricably linked with the technologies at the heart of KasperskyOS.

  1. Vulnerability monitoring
    The KasperskyOS microkernel has only a few thousand lines of code: just enough to keep it running correctly. The kernel has no undocumented features, which is easy to confirm, and the likelihood of a vulnerability in the code is reduced to a minimum
  2. Scanning of interprocess communications
    The Kaspersky Security System module computes security verdicts for any processes that pass through the microkernel, blocking those that do not comply with security policies
  3. Reliability in any circumstances
    MILS (Multiple Independent Levels of Security) architecture enables the system to respond quickly to external events thanks to quick reconfiguration of system components and the policies governing their interaction (including security policies) without any loss of security guarantees
  4. Reducing risks
    Security domain isolation prevents security properties and functional components from affecting one another. The KasperskyOS microkernel blocks unauthorized actions of software components by default (Default Deny)

Developing Cyber Immune solutions

Building Cyber Immune solutions based on KasperskyOS provides important advantages to developers:

Reducing the cost of developing and supporting secure IT solutions
Most software components cannot be trusted in terms of information security. Written by developers with questionable quality or borrowed from public sources — all that matters is that these components fulfill their functions
Reducing certification costs
The principles of creating Cyber Immune solutions comply with the standards used by regulators: Common Criteria, ASPICE, ISO 26262, etc.
Customization capabilities
The FLASK architecture at the heart of Kaspersky Security System makes it possible to set and flexibly customize any type of security policy specified by the customer

To achieve the Cyber Immunity of solutions based on KasperskyOS, it is necessary to follow a special methodology created by Kaspersky.

A system created in accordance with the Cyber Immunity principles provides:

  • the description of its security goals and assumptions;
  • the means to ensure the isolation of the security domains and the independent control of all interactions among them;
  • the guarantees of accomplishing the security goals in all possible scenarios of using the system considering the described assumptions (except if the trusted computing base of the solution is compromised);
  • the assurances of reliability of the solution’s whole trusted computing base which are corresponding to its security class.

To provide the system with Cyber Immunity, the developers have to consider the following:

  • which parameters must have guaranteed protection;
  • under what conditions and with what provisos will the system be used.

Materials

KasperskyOS

The Cyber Immune operating system of the future