Many modern IT systems, including those that are part of critical infrastructure assets, have unique security requirements.
KasperskyOS allows creating and applying tailored security policies for the solutions it powers. This is enabled by the Kaspersky Security System subsystem, which monitors communications among all parts of the solution, so that only authorized actions are allowed.
Clearly defined security policies are an important component of a reliable IT solution. These are the rules the system will adhere to and that will prevent it from performing unauthorized actions.
Kaspersky Security System is a key component of KasperskyOS, which the microkernel consults for «approval» of all interprocess communications that pass through it. The purpose of the subsystem is to pass security verdicts, i.e. to allow or block communications depending on compliance with specified policies.
Kaspersky Security System is more than just protection from cyberattacks: this element of KasperskyOS prevents cyber-incidents from happening. It also allows to flexibly configure security policies without worrying that the system will lose its functionality. This is made possible thanks to the isolation of security components from functional ones, which prevents them from affecting each other. With this approach it is possible to build robust trusted systems using untrusted elements. Even if a vulnerability in one of them is exploited successfully, it will not affect the solution as a whole and will not interfere with its critical functions.
Kaspersky Security System operates on the basis of the Flux Advanced Security Kernel (FLASK) architectural paradigm, which provides flexible support for security policies.
By monitoring communications between system processes through preset policies, Kaspersky Security System significantly increases the reliability of the Multiple Independent Levels of Security (MILS) architecture that is part of KasperskyOS. Separation of security domains in this architecture ensures more thorough scanning of isolated entities and greater reliability of systems that incorporate both trusted and untrusted components. Kaspersky Security System facilitates secure updating of software and configurations, and helps to run untrusted software in an isolated environment where it cannot affect system operation.