Kaspersky Security System

Flexible security system of KasperskyOS
Kaspersky Security System

Many modern IT systems, including those that are part of critical infrastructure assets, have unique security requirements.

KasperskyOS allows creating and applying tailored security policies for the solutions it powers. This is enabled by the Kaspersky Security System subsystem, which monitors communications among all parts of the solution, so that only authorized actions are allowed.

Trust and flexibility

Clearly defined security policies are an important component of a reliable IT solution. These are the rules the system will adhere to and that will prevent it from performing unauthorized actions.

Kaspersky Security System is a key component of KasperskyOS, which the microkernel consults for «approval» of all interprocess communications that pass through it. The purpose of the subsystem is to pass security verdicts, i.e. to allow or block communications depending on compliance with specified policies.

Kaspersky Security System is more than just protection from cyberattacks: this element of KasperskyOS prevents cyber-incidents from happening. It also allows to flexibly configure security policies without worrying that the system will lose its functionality. This is made possible thanks to the isolation of security components from functional ones, which prevents them from affecting each other. With this approach it is possible to build robust trusted systems using untrusted elements. Even if a vulnerability in one of them is exploited successfully, it will not affect the solution as a whole and will not interfere with its critical functions.

Advantages of Kaspersky Security System

  1. Policy customization
    Kaspersky Security System makes it possible to set and flexibly customize any type of security policy specified by the customer. Once a policy is developed for an application or module, it can be used again in the future
  2. Scanning of all internal communications
    A typed API must be specified for each application or driver. All messages between system components are checked by Kaspersky Security System for correctness
  3. Default Deny
    By issuing security verdicts for all interprocess communication that passes through the KasperskyOS microkernel, Kaspersky Security System prevents execution of anything that does not comply with the preset policies

Kaspersky Security System operates on the basis of the Flux Advanced Security Kernel (FLASK) architectural paradigm, which provides flexible support for security policies.

By monitoring communications between system processes through preset policies, Kaspersky Security System significantly increases the reliability of the Multiple Independent Levels of Security (MILS) architecture that is part of KasperskyOS. Separation of security domains in this architecture ensures more thorough scanning of isolated entities and greater reliability of systems that incorporate both trusted and untrusted components. Kaspersky Security System facilitates secure updating of software and configurations, and helps to run untrusted software in an isolated environment where it cannot affect system operation.

Materials

Kaspersky Security System

The flexible security system of KasperskyOS

KasperskyOS

The Cyber Immune operating system of the future