Kaspersky Cyber Immunity

At the heart of KasperskyOS is Kaspersky’s own immunity-based approach that enables the creation of IT systems capable of performing their functions in an aggressive environment without additional (applied) security features.

Our entire lives are bound up with gadgets, devices and a variety of smart systems. It’s hard to imagine the modern economy, for example, without a huge number of computers, office IT networks, industrial machines and automated control systems.

Most intelligent systems today are designed without security being considered a primary goal. The use of vulnerable software in cyber-physical systems, which are multiplying, creates a situation where cyberthreats increasingly endanger the safety of humans in the physical world. Kaspersky decided to change this: our specialists created a concept for designing IT systems with “innate” immunity.

We call this a Cyber Immune approach. Cyber Immunity can help create IT systems that are inherently secure and safe. An information system can be said to be immune when most types of cyberattacks directed at it prove ineffective and cannot impact the key functions envisioned during the design phase.

Developing Cyber Immune solutions

Building Cyber Immune solutions based on KasperskyOS provides important advantages to developers:

• Reducing the cost of developing and supporting secure IT solutions. Most software components cannot be trusted in terms of information security. Written by developers with questionable quality or borrowed from public sources — all that matters is that these components fulfill their functions.
• Reducing certification costs. The principles of creating Cyber Immune solutions comply with the standards used by regulators: Common Criteria, ASPICE, ISO 26262, etc.
• Customization capabilities. The FLASK architecture at the heart of Kaspersky Security System makes it possible to set and flexibly customize any type of security policy specified by the customer.

To achieve the Cyber Immunity of solutions based on KasperskyOS, it is necessary to follow a special methodology created by Kaspersky.

A system created in accordance with the Kaspersky Cyber Immunity principles provides:

• the description of its security goals and assumptions;
• the means to ensure the isolation of the security domains and the independent control of all interactions among them;
• the guarantees of accomplishing the security goals in all possible scenarios of using the system considering the described assumptions (except if the trusted computing base of the solution is compromised);
• the assurances of reliability of the solution’s whole trusted computing base which are corresponding to its security class.

To provide the system with Cyber Immunity, the developers have to consider the following:

• which parameters must have guaranteed protection;
• under what conditions and with what provisos will the system be used.